My MediaWiki site is currently under the spammers attack. I get around 10 spam pages registered daily.
What I've I already done:
What else can I do to stop the spam?
It's counter-intuitive, but I have found this combination very effective:
#1 is the most important step. It's easy for spammers to create throwaway accounts.
A CAPTCHA makes only a small difference, not worth the extra bandwidth cost for the images.
The hundreds of throwaway accounts are almost as big a problem as the spam postings.
#2 reduces the volume of spam by at least 1/3.
The only robots that get past SimpleAntiSpam are those specially designed for MediaWiki, not the ones that fill in all textarea
s in every web page everywhere.
Similarly if your site has SSL, SecurePages (or its predecessor HttpsLogin) thwarts some bots that don't have SSL support.
#3 will stop you getting the same spam posting (or variants of it) repeatedly. If you update the blacklist regularly that should reduce the volume of spam by another 10-20%.
And remember the spammers will run out of paying customers (you eliminate one for every domain you block links to) long before they run out of public proxies/zombies to post from.
#4 does not increase the volume of spam as much as you might expect. There's a popular MediaWiki-spamming bot that never attempts to post anonymously - it gives up when it cannot find the "create account" link.
And if you don't do this, you don't have a wiki anymore (you just have a static website using MediaWiki as a CMS.)
There is a small bonus - it makes it easier to find (and block) the spammers' IP addresses. Of course you can get the IP addresses using CheckUser or by reading the database directly, but it's much easier when the IP address is in plain sight.
#5 is the least effective measure, but it's still worth doing. Spammers do re-use IP addresses. They may be cheap but they are not infinite, and sometimes you will catch one of those runaway robots that posts a spam page every 5 minutes.
#6 doesn't prevent spam, but it allows you to clean up your user list page once you have other anti-spam measures in place.