Thread:Project:Support desk/Cannot seem to secure my wiki from unauthorized account creations, edits, etc.

MediaWiki 	1.15.2 PHP 	5.3.5 (apache2handler) MySQL 	5.1.54-log

I have a Mediawiki installation at Climatewiki.org. Over the past several months, we've had many occasions of unwanted spam entries, even edits to existing pages. After each episode, I would discover the LocalSettings.php had been modified back to less-secure settings. I'd replace it with my more-secure version and things would be fine again for awhile.

This episode is different. I've pasted my LocalSettings.php below. But it hasn't made a difference -- account creation is still being permitted, even though I'm fairly sure it shouldn't be. I'm wondering now if someone who knows more about this stuff than I do has somehow over-ridden the localsettings.php. How would they do that?

Any help would be appreciated. LocalSettings.php currently is (I've replaced with xxxxx passwords and other information I'd rather not share); relevant settings at the bottom of the file:

<?php


 * 1) This file was automatically generated by the MediaWiki installer.
 * 2) If you make manual changes, please keep track in case you need to
 * 3) recreate them later.
 * 4) See includes/DefaultSettings.php for all configurable settings
 * 5) and their default values, but don't forget to make changes in _this_
 * 6) file, not there.
 * 1) file, not there.

if( defined( 'MW_INSTALL_PATH' ) ) { $IP = MW_INSTALL_PATH; } else { $IP = dirname( __FILE__ ); }
 * 1) If you customize your file layout, set $IP to the directory that contains
 * 2) the other MediaWiki files. It will be used as a base to locate files.

$path = array( $IP, "$IP/includes", "$IP/languages" ); set_include_path( implode( PATH_SEPARATOR, $path ) . PATH_SEPARATOR . get_include_path );

require_once( "$IP/includes/DefaultSettings.php" );


 * 1) If PHP's memory limit is very low, some operations may fail.
 * 2) ini_set( 'memory_limit', '20M' );

if ( $wgCommandLineMode ) { if ( isset( $_SERVER ) && array_key_exists( 'REQUEST_METHOD', $_SERVER ) ) { die( "This script must be run from the command line\n" ); } }
 * 1) Uncomment this to disable output compression
 * 2) $wgDisableOutputCompression = true;

$wgSitename        = "ClimateWiki";

$wgScriptPath      = '.' == '.' ? '' : "/."; $wgScriptExtension = ".php";
 * 1) The URL base path to the directory containing the wiki;
 * 2) defaults for all runtime URL paths are based off of this.


 * 1) For more information on customizing the URLs please see:
 * 2) http://www.mediawiki.org/wiki/Manual:Short_URL

$wgEnableEmail     = true; $wgEnableUserEmail = true;

$wgEmergencyContact = "xxxxxxxxxx"; $wgPasswordSender = "xxxxxxxxxx";

$wgEnotifUserTalk = true; # UPO $wgEnotifWatchlist = true; # UPO $wgEmailAuthentication = true;
 * 1) For a detailed description of the following switches see
 * 2) http://www.mediawiki.org/wiki/Extension:Email_notification
 * 3) and http://www.mediawiki.org/wiki/Extension:Email_notification
 * 4) There are many more options for fine tuning available see
 * 5) /includes/DefaultSettings.php
 * 6) UPO means: this is also a user preference option

$wgDBtype          = "mysql"; $wgDBserver        = "localhost"; $wgDBname          = "xxxxxxxx"; $wgDBuser          = "xxxxxxxx"; $wgDBpassword      = "xxxxxxxx";

$wgDBprefix        = "";
 * 1) MySQL specific settings

$wgDBTableOptions  = "TYPE=InnoDB";
 * 1) MySQL table options to use during installation or update

$wgDBmysql5 = false;
 * 1) Experimental charset support for MySQL 4.1/5.0.

$wgDBport          = "5432"; $wgDBmwschema      = "mediawiki"; $wgDBts2schema     = "public";
 * 1) Postgres specific settings

$wgMainCacheType = CACHE_ACCEL; $wgMemCachedServers = array;
 * 1) Shared memory settings

$wgEnableUploads      = true;
 * 1) To enable image uploads, make sure the 'images' directory
 * 2) is writable, then set this to true:
 * 1) $wgUseImageMagick = true;
 * 2) $wgImageMagickConvertCommand = "/usr/bin/convert";


 * 1) If you want to use image uploads under safe mode,
 * 2) create the directories images/archive, images/thumb and
 * 3) images/temp, and make them all writable. Then uncomment
 * 4) this, if it's not already uncommented:
 * 5) $wgHashedUploadDirectory = false;

$wgUseTeX          = false;
 * 1) If you have the appropriate support software installed
 * 2) you can enable inline LaTeX equations:

$wgLocalInterwiki  = $wgSitename;

$wgLanguageCode = "en";

$wgProxyKey = "2c21d20c6f19cea85a0b002c4939b1e967f57ca2203b35b33e91b8b07bb086a5";

$wgDefaultSkin = 'monobook';
 * 1) Default skin: you can change the default skin. Use the internal symbolic
 * 2) names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook':

$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright $wgRightsUrl = ""; $wgRightsText = ""; $wgRightsIcon = "";
 * 1) For attaching licensing metadata to pages, and displaying an
 * 2) appropriate copyright notice / icon. GNU Free Documentation
 * 3) License and Creative Commons licenses are supported so far.
 * 4) $wgEnableCreativeCommonsRdf = true;
 * 1) $wgRightsCode = ""; # Not yet used

$wgDiff3 = "";

$wgCacheEpoch = max( $wgCacheEpoch, gmdate( 'YmdHis', @filemtime( __FILE__ ) ) );
 * 1) When you make changes to this configuration file, this will make
 * 2) sure that cached pages are cleared.

$wgLogo            = "/skins/monobook/climatewiki-logo.png";

$wgGroupPermissions['*']['createaccount'] = false;
 * 1) Prevent new user registrations except by sysops

$wgGroupPermissions['*']['edit'] = false;

$wgGroupPermissions['*']['createpage'] = false; $wgGroupPermissions['*']['createtalk'] = false;
 * 1) Anonymous users can't create pages or talk

require_once( "$IP/extensions/googleAnalytics/googleAnalytics.php" );