Spam: Difference between revisions

From Hackepedia
Jump to navigationJump to search
No edit summary
 
Line 37: Line 37:
  $wgEmailConfirmToEdit = true;
  $wgEmailConfirmToEdit = true;


to force confirmation of email.
to force confirmation of email. I've also added [http://www.mediawiki.org/wiki/Extension:ConfirmAccount ConfirmAccount]


There is no automated way to ban users or delete posts, so you have to do that manually unfortunately.
There is no automated way to ban users or delete posts, so you have to do that manually unfortunately.


For cleanup I have installed [http://www.mediawiki.org/wiki/Extension:AbuseFilter AbuseFilter]
For cleanup I have installed [http://www.mediawiki.org/wiki/Extension:AbuseFilter AbuseFilter] and [http://www.mediawiki.org/wiki/Extension:NukeDPL NukeDPL]

Latest revision as of 19:09, 6 March 2011

BSD

On OpenBSD this should work out of the box. On FreeBSD you have to mount a fdescfs(5) filesystem in order to get this working. There is an effective way to block spam using pf and spamd (OpenBSD's version, not SpamAssassin's). These are taken directly from Bob Beck's slide presentation at BSDCAN 2005

in pf.conf (note variables):

table <spamd> persist
no rdr on { lo0, lo1 } from any to any
rdr inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025
table <spamd-white> persist
rdr pass inet proto tcp from !<spamd-white> to any port smtp -> 127.0.0.1 port 8025
pass in log on $ext_if inet proto tcp to $Mail_servers port smtp keep state
pass out log on $ext_if inet proto tcp from $Mail_servers to any port smtp keep state

and add the cronjob:

*/30    *    *    *    *    /usr/local/sbin/spamd-setup

Also probably worth your time to check out your spamd.conf although it shouldn't require modification to work out of the box.

Now moving on to the Testing:Process.

Mediawiki

As this server was attacked by spambots, I'll let you know of some of the resolutions that worked. First, make sure you're using the latest version of Mediawiki, older versions were easier to abuse.

Download the latest ConfirmEdit. In LocalSettings.php after getting your ReCaptcha keys:

require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" );
require_once( "$IP/extensions/ConfirmEdit/ReCaptcha.php" );
$wgReCaptchaPublicKey = 'yourpublickeyhere';
$wgReCaptchaPrivateKey = 'yourprivatekeyhere';
$wgCaptchaClass = 'ReCaptcha'; 

Put this in LocalSettings.php:

$wgEmailConfirmToEdit = true;

to force confirmation of email. I've also added ConfirmAccount

There is no automated way to ban users or delete posts, so you have to do that manually unfortunately.

For cleanup I have installed AbuseFilter and NukeDPL