Combating MediaWiki Spam

From n0v4 Wiki
Revision as of 20:04, 20 October 2014 by Red (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This is the procedure that provides a quick and easy method to delete a lot of spam and user accounts without much effort on the part of the administrator. (Instead of clicking to manually delete each user or page.) This will allow you to cleanup a lot of spam accounts and spam messages quickly and easily.

Merging users allows you to merge spam user accounts into one central account which you can later delete contributions all at once.


  • Install curl onto a server or computer. It does not need to be on the server that the MediaWiki installation is running. It is likely * already installed on the server.
  • Install the MediaWiki extension User Merge and Delete.
  • Install the MediaWiki extension Nuke.
  • Create a user account called "Spam". For the purpose of this page, replace all instances of 'Spam' in the code with your dummy spam account.
  • Install Cookies Manager+ on Firefox, or equivalent, in order to read cookie names and values from your browser.
  • Sign out of "Spam" account and sign in as your sysop account.

Merging Users

  • Use the userlist in the SpecialPages to make a list of what users are spam users. Sort by creation date if this makes it easier to determine spam accounts or not. (Good for low-volume wikis).
  • Inspect the list for users that should not be deleted!
  • Sign into your sysop account in Firefox (or preferable browser). In Tools > Cookies Manager+ (or equivalent viewer) find the cookies for the domain name your wiki is hosted on. Find the one that ends in _session.
  • Create and edit a file cookie.txt to have the following information. Replace \t with a tab and $session with the actual session data, replace n0v4wiki_session\tFALSE\t/\tFALSE\t0\tn0v4wiki_session\t$session

So it should look something like:   FALSE   /       FALSE   0       n0v4wiki_session        $session

Visit and view the source code. In the source code there is an element in the submit form that looks like this:

<input type="hidden" value="1234567890123456789012345+\" name="token" />
  • Copy-paste the value of the token into a url encoder, such as the one available here: URL encoder. Include the "+\" characters.
  • The encoded version you put into the following file on every line after "token=".
  • Create a file "" on your server or local computer (GNU/Linux or UNIX type OS's only.)


  • In your favorite editor add one line to the above file for each spam user. If you are familiar with many text editors you can easily create such a list from a space or newline or comma seperated list of spam users, which is easy to generate from the all userlist. Be sure to not include legitimate users or bots, since their contributions and page creations and user information will be obliterated by the end of this process. Be sure to replace the url with your domain name and subpath.
curl --cookie cookie.txt -d olduser= -d newuser=Spam -d deleteuser=1 -d submit=Merge+user -d token=

Be sure as you do this to add the token value. You should end up with a file with a bunch of lines that look like this, one for each spam account:

curl --cookie cookie.txt -d olduser=SpamAccounToBeDeleted -d newuser=Spam -d deleteuser=1 -d submit=Merge+user -d token=1234567890123456789012345%2B%5C
  • Save the file.
  • Make it executable:
chmod +x
  • Run it. It should take some time to complete depending on the speed of your internet, the speed of the server and how many users you are merging.

Deleting Spam Contributions

  • Visit Special:Nuke on your wiki.
  • Search for the username "Spam" on all namespaces.
  • Inspect the list for things that should not be deleted. (If you find any you may have accidentally deleted a legitimate user.)
  • Delete all selected.
  • You may have to do this multiple times if you have more spam contributions than 500 (or whatever parameter you change it to.) Changing the parameter too high may cause your PHP request to timeout.