Monday, 9 January 2012

Mediawiki Lockdown - How to make your wiki private

For some years now I have been using a couple of private wikis for storing and sorting short notes on topics and interests.

Wikicliki - general wiki
Design Patterns - design and scripting wiki (for my students)
Disukowiki - language wiki

Lately there have been some issues with spam bots which seem to be getting smarter but even more bizarre, creating generic account names of the same type, and generating or writing over my pages with what looks a lot like actual paragraphs of useful information about random irrelevant topics (examples being: homopathy, ugg boots, weather, self-confidence mastery, etc) sometimes with no outbound links. Why do the spambots do this, it is still a complete mystery to me. It serves no purpose (not even SEO-wise for them) except to be a real pain in the ass to the wikisysop.

What makes me sad is the abuse of the system that actually has the potential of providing open space for some really interesting things, so I almost find it a pity to close it up. Some years back, once there was someone who posted on my wiki saying they were doing an experiment in which they stored chunks of (gibberish/encoded) data over a number of open wikis.

They set up anonymous accounts on people's open wikis (like mine), and posted these encrypted chunks of data in text form. In posting these fragments of the file online, their experiment/goal was to create a system in which people could transmit a really large and encrypted file to someone else. The recipient would have to locate and visit all these wikis to find the numerous segments of encrypted data, and then recompile it together with their prearranged encryption key to get the original huge file. A brilliant idea, although perhaps it would be a bit tedious in practice.

On that bittersweet note:
If you haven't edited your wiki's settings yet, do this now. Add this to LocalSettings.php:

# Disable anonymous editing
$wgGroupPermissions['*']['edit'] = false;

# Disable editing by ALL users
$wgGroupPermissions['user']['edit'] = false;

# Enable editing by ONLY sysops
$wgGroupPermissions['sysop']['edit'] = true;

# Prevent new user registrations except by sysops
$wgGroupPermissions['*']['createaccount'] = false;

After doing this, make sure you open up your FTP browser and chmod LocalSettings.php to 600. Duplicate a copy of LocalSettings.php and rename it to LocalSettings_date.php so that in case something unexpected happens you still have a backup of LocalSettings.php from when it was still alright...

Picture 23

You can look at the Mediawiki guide to Preventing Access to see more options on how you can tailor the privacy settings (for example, you could set it so that only users with accounts of a certain age, like say a few weeks, can create new pages).

No comments:

Post a Comment