Any ways to tweak MediaWiki sources for rejecting anonymous requests faster? [closed]

Question

Closed. This question is off-topic. It is not currently accepting answers.

---

Want to improve this question? Update the question so it's on-topic for Stack Overflow.

Closed 9 years ago.

Improve this question

One of our MediaWiki - based projects seems under DoS attack - unusual number of anonymous users try to edit pages and view or edit history requests. While anonymous editing is disabled on that project and these anonymous users (I assume, bots) cannot actually change the pages, the load is serious enough to slow the server significantly.

One of the ideas seem to alter the MediaWiki PHP code to reject anoymous requests faster. Anonymous visitors only need to view pages; they are not supposed to edit, view page sources or view history. It would be even more interesting to use something like IPTables for shielding following this criteria. We have root access to the server.

Is it possible to alter PHP or to employ some external tool for efficient blocking of all anonymous MediaWiki requests apart from viewing the article content?

I have read, and keep watching, the more general question about DoS protection here and here. The reason of posting this separately is maybe we could do something MediaWiki specific.

Answer 1

Have you tried changing the UserRights? The MediaWiki docs show how to edit LocalSettings.php to set rights.

As with a firewall, you should start by disallowing all edit privs, then add it back in for groups you want to allow (like registered users).

From their manual, http://www.mediawiki.org/wiki/Manual:User_rights

This example will disable editing of all pages, then re-enable for 
users with confirmed e-mail addresses only:


 # Disable for everyone.
 $wgGroupPermissions['*']['edit']              = false;
 # Disable for users, too: by default 'user' is allowed to edit, even if '*' is not. 
 $wgGroupPermissions['user']['edit']           = false;
 # Make it so users with confirmed e-mail addresses are in the group.
 $wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED;
 # Hide group from user list. 
 $wgImplicitGroups[] = 'emailconfirmed';
 # Finally, set it to true for the desired group.
 $wgGroupPermissions['emailconfirmed']['edit'] = true;