Anyone who doesn't have a wiki account and needs one will have to ask one of the admins on the list.
Yes please. :) I spent quite a while last year working on spam defenses in MW. Here's a few suggestions: 1) The most common one is ConfirmEdit at: http://www.mediawiki.org/wiki/Extension:ConfirmEdit This provides some extra CAPTCHA options, by default only triggered if the new text includes any URL's, and an optional 'stronger' CAPTCHA module. Whatever your personal feelings about CAPTCHA, it remains one of the most effective defenses, although the serious Black Hats are getting pretty sophisticated with OCR techniques to defeat it. But it'll still prevent about 70% of your basic pharmacy and penile extension type bullplop. 2) To address Alan's pet hate of the "no cleanup method", there's a pretty good script at: http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/SpamBlacklist/cle anup.php This script attempts to revert any pages posted to by a subsequently blacklisted entity. 3) The SpamBlackList extensions, at: http://www.mediawiki.org/wiki/Extension:SpamBlacklist This allows you to import blacklists from a variety of sources, including the 'official' Meta Wiki blacklist. 4) Another extension I've heard good things about is Bad Behaviour, at: http://www.bad-behavior.ioerror.us/2007/01/08/bad-behavior-209/ Originally developed for WordPress, it has since been integrated into MW. It uses a variety of techniques to identify spam, and is said to be very effective, and will typically catch anything ConfirmEdit doesn't. I haven't actually tried this one though. 5) A standard trick for MW spam is the "hidden CSS spam" technique. This can be blocked by adding this to the LocalSettings.php: $wgSpamRegex = "/\<.*style.*?(display|position|overflow|visibility|height)\s*:.*?>/i"; ... which blocks most of the suspect style attributes used by spammers (i.e. those to do with hiding a div, which almost never get used in 'normal' usage). 6) Another useful trick is to block connections with blank User-Agent (99.999% of the time this will be a spambot). Just add this to a .htaccess file: SetEnvIf User-Agent ^$ spammer=yes Order allow,deny allow from all deny from env=spammer There are dozens of other extensions, and some good 'best practice' docs I can point you at if you are interested. -- hugh