Difference between revisions of "List of security measures taken for this site"

From eagle-rock.org
Line 1: Line 1:
 
==Restrict Permissions==
 
==Restrict Permissions==
 
'''Eagle-rock.org''' was established in December 2011. At that time it was decided to allow visitors to create user accounts in order to read and contribute to the site. Over the years we had forgotten about the setting that allowed this until finally in September 2015 the site was targeted by '''spam bots'''<ref>[[Wikipedia:Spam Bots]]</ref>. Spam bots have gotten sophisticated enough to create an account and post articles. Once a spam bot gets in, it automatically calls other bots until there is a tidal wave of spam bots hammering the website. We learned this lesson the hard way. The only solution is to '''restrict permissions'''<ref>[https://www.mediawiki.org/wiki/Manual:Preventing_access Mediawiki:Preventing Access]</ref> by entering the following codes into '''LocalSettings.php.'''
 
'''Eagle-rock.org''' was established in December 2011. At that time it was decided to allow visitors to create user accounts in order to read and contribute to the site. Over the years we had forgotten about the setting that allowed this until finally in September 2015 the site was targeted by '''spam bots'''<ref>[[Wikipedia:Spam Bots]]</ref>. Spam bots have gotten sophisticated enough to create an account and post articles. Once a spam bot gets in, it automatically calls other bots until there is a tidal wave of spam bots hammering the website. We learned this lesson the hard way. The only solution is to '''restrict permissions'''<ref>[https://www.mediawiki.org/wiki/Manual:Preventing_access Mediawiki:Preventing Access]</ref> by entering the following codes into '''LocalSettings.php.'''
 +
Needs correction --[[User:John|JE]] ([[User talk:John|talk]]) 14:11, 22 September 2015 (MDT)
  
 
<pre>$wgGroupPermissions['*']['createaccount'] = false;</pre>
 
<pre>$wgGroupPermissions['*']['createaccount'] = false;</pre>
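Review bot: the added line "Needs correction", placed between the introductory paragraph and the first <pre> block, does not say what needs correcting, so a reader cannot tell whether the paragraph or the setting that follows is in doubt. Name the specific statement or setting being questioned. Because the remark is signed and links to a talk page, it would also read better there than in the article body.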

Revision as of 20:11, 22 September 2015

Restrict Permissions

Eagle-rock.org was established in December 2011. At that time it was decided to allow visitors to create user accounts in order to read and contribute to the site. Over the years we had forgotten about the setting that allowed this until finally, in September 2015, the site was targeted by spam bots[1]. Spam bots have gotten sophisticated enough to create an account and post articles. Once a spam bot gets in, it automatically calls other bots until there is a tidal wave of spam bots hammering the website. We learned this lesson the hard way. The only solution is to restrict permissions[2] by adding the following settings to LocalSettings.php.

Needs correction --JE (talk) 14:11, 22 September 2015 (MDT)

$wgGroupPermissions['*']['createaccount'] = false;

This setting blocks visitors who are not logged in from creating accounts.[3] All accounts therefore must be created by an Administrator.

$wgGroupPermissions['*']['edit'] = false;

This setting blocks visitors who are not logged in from editing pages. In order to edit a page, a user must get an account created by an Administrator.
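Because a forgotten setting is what left the site open, it helps to check LocalSettings.php mechanically. The following audit script is an added example, not part of the original page or of MediaWiki. The function names and the sample file are hypothetical, and it assumes MediaWiki's shipped defaults grant 'createaccount' and 'edit' to the '*' group.

```python
import re

# Assumption: MediaWiki's defaults grant both rights to the anonymous ('*')
# group unless LocalSettings.php explicitly sets them to false.
DEFAULTS = {"createaccount": True, "edit": True}

# Matches only the literal form used on this page:
#   $wgGroupPermissions['*']['<right>'] = true|false;
ASSIGN = re.compile(
    r"""\$wgGroupPermissions\s*\[\s*['"]\*['"]\s*\]\s*"""
    r"""\[\s*['"](\w+)['"]\s*\]\s*=\s*(true|false)\s*;""",
    re.IGNORECASE,
)

def strip_comments(php: str) -> str:
    """Drop /* */ blocks and #, // line comments so disabled lines are ignored.
    Simplification: comment markers inside string literals are not handled."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.DOTALL)
    return "\n".join(re.split(r"#|//", line, maxsplit=1)[0]
                     for line in php.splitlines())

def anonymous_rights(php: str) -> dict:
    """Effective rights for '*': defaults, overridden by the last assignment."""
    rights = dict(DEFAULTS)
    for right, value in ASSIGN.findall(strip_comments(php)):
        rights[right] = value.lower() == "true"
    return rights

def open_to_anonymous(php: str) -> list:
    """Rights listed in DEFAULTS that anonymous visitors still hold."""
    rights = anonymous_rights(php)
    return sorted(r for r in DEFAULTS if rights[r])

# Constructed sample: the createaccount line is commented out, so the
# default still applies and account creation remains open.
SAMPLE = """<?php
$wgSitename = "Example";
# $wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = true;
"""

if __name__ == "__main__":
    for right in open_to_anonymous(SAMPLE):
        print(f"WARNING: anonymous visitors still have '{right}'")
```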

File Upload Security

To prevent users from uploading files with malicious code to the Upload Directory, place a .htaccess file inside the 'images' directory with this content[4]:

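# No php execution in the upload area
# (php_admin_flag is not allowed in .htaccess files; php_flag is.
# This applies when PHP runs as an Apache module.)
php_flag engine off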

External Links