Thread:Project:Support desk/$wgGroupPermissions not preventing spammers creating new pages/reply (7)

> The only way I think they could circumvent this is if you have a wiki pointing to the same database under a different URL, with different LocalSettings.php that allow creating such pages.

I'm another admin on the site, and thank you for this suggestion - it may well be the answer. After a review of the access logs, it appears that an older installation was still accessible and had been discovered by the spammers. After making that secure, we're still seeing a lot of traffic trying to access the site through the old address, but with no spam appearing in the last 24 hours or so.