[Olpc-sysadmin] Wiki spam: temporarily add captchas for IP-user edits

[Mel Chua]

High-priority, quick implementation (<5min for someone with privs).

We have been hit by a flood of publicwiki vandalism that started at 
15:19 on 2008-12-17. The vandalism is consistent, done only by 
not-logged-in users, and continuing (approx. once every half-hour, often 
more frequently) and seems like the work of a bot; it comes from 
different IP addresses and usually includes the text "(FIELD_OTHER)" (no 
quotes) in the spam edit, though it sometimes includes single words of 
gibberish, as in here: 
http://wiki.laptop.org/index.php?title=Le_Wiki_de_OLPC&curid=5062&diff=187187&oldid=153569 
(The FIELD_OTHER and gibberish edits come from the same IP addresses, 
and those IP addresses have nothing except vandalizing edits.)

Sysop Chris Leonard (cjl) first spotted the vandalism and began to fight 
it tonight, reverting vandalized pages en masse; Joachim Pedersen 
(joachimp) soon joined in on the effort to identify the rogue IP 
addresses, and Michael Stone (m_stone) looked for ways to stop the 
spamming at the source. #olpc logs starting from approximately 1:23am 
EST detail much of the conversation. Over an hour of constant reverts 
and blocks later, we think we've cleaned up the bulk of the spam, but 
wiki-gang should take another pass after the captcha is implemented, as 
well to make sure this type of thing won't happen (as easily) again. 
Thanks to Chris, Joachim, and Michael for their heroic late-night responses.

Short term solution: add a captcha for all edits and new page creations 
for users who are not logged in (i.e. IP users).

Long term solution: I'm at a loss for how to track this down further and 
stop it at the source. Can VIG advise? (Also suggest following-up on any 
discussion this thread my have gathered on the wiki-gang list, see 
http://lists.laptop.org/pipermail/wiki-gang/2008-December/thread.html 
and look for the subject of this email.)

To implement the short-term solution, someone with edit access to this 
file on pedal needs to add the below lines in 
/var/www/wiki.laptop.org/LocalSettings.php

--- add these lines ---

## To combat wiki spam
## From http://www.mediawiki.org/wiki/Extension:ConfirmEdit#Configuration
## Puts CAPTCHAs on all edits and new page creations unless you are 
logged in

$wgGroupPermissions['*'            ]['skipcaptcha'] = false;
$wgGroupPermissions['user'         ]['skipcaptcha'] = true;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;
$wgGroupPermissions['bot'          ]['skipcaptcha'] = true; // 
registered bots
$wgGroupPermissions['sysop'        ]['skipcaptcha'] = true;

$wgCaptchaTriggers['edit']          = true;
$wgCaptchaTriggers['create']        = true;
$wgCaptchaTriggers['addurl']        = true;
$wgCaptchaTriggers['createaccount'] = true;
$wgCaptchaTriggers['badlogin']      = true;