How to delete a long list of spam users in MediaWiki

If your MediaWiki site has been spammed with tons of automatized account registrations (and it’s not new that captcha could not be enough to stop spammers) one preventive response is to install the ConfirmAccount extension. This extension disables direct account creation, requiring approval by admin users.

But how do you delete the long list of spam users that has been created?

Another extension comes to the rescue: User Merge and Delete. Once installed you can choose to merge the spam accounts with the Anonymous one and delete them from the database… one by one.

To delete a long list of spam accounts we can follow Viswaprabha’s crude but ingenious way to “automatize” the use of the UserMerge extension.

1.- First let’s get the following:

• Install the UserMerge extension
• Install in Firefox the Web Developer Add-On
• Python interpreter
• Install in Firefox the DownThemAll! Add-On

The trick consists in using the Web Developer Extension to get information from the UserMerge form. Information that we will concatenate with a list of spam accounts to produce a simple web page. In turn, the produced html page will be used by the Firefox DownThemAll! extension to instruct UserMerge to delete the spam users.

2.- We use the Special:ListUsers page of our MediaWiki to get a column-list of the spam account’s user names. This can be done, for example, copying, pasting and filtering the users list in a spreadsheet. Be careful not to include the legitimate users!

3.- Now, logged in as an admin user of the wiki, we go to the Special:UserMerge page using Firefox. Once in that page, we select in the tool bar of the Web Developer extension Forms > Convert Forms Methods > Convert GETs to POSTs. Then Forms > View Form Information will open a page where the information we need is the session token that is unique to a browsing session (e.g. 2c05d520d9b202235c03e8fe8ll8khB)

4.- We then use a Python script to concatenate the generated list from step 2, let’s say in a userslist.txt file, with the session token from step 3 and produce an html file. Here is below an example of such a script. Notice that to use it yourself you need to replace Your Wiki Domain and the token

#!/usr/bin/python
# Concatenate a list of users to produce URLs which delete them using UserMerge Extension for MediaWiki
# Usage: python concatenate_UserMerge_MediaWiki.py userslist.txt > userURLlist.html

import sys

input = open(sys.argv[1])
count = input.readlines()
g = len(count)
input.close()

print ""

input = open(sys.argv[1])

for k in range(g):
line = input.readline()
print "User URL Link"

input.close()

print ""

The usage of the script above, named for example concatenate_UserMerge_MediaWiki.py, is:

python concatenate_UserMerge_MediaWiki.py userslist.txt > userURLlist.html

5.- Our last step is use the html page generated above with the Python script, e.g. userURLlist.html. When we open this file with Firefox we should see a page full of links, each one of those representing an instance to instruct the UserMerge extension in our wiki to delete one user. To effectively visit each of these links and execute UserMerge we use the DowThemAll! Firefox extension on the, e.g. userURLlist.html page. It is important that for this step you are still logged in within the same session of step 3

As the download of our links progresses, the spam accounts will be deleted by UserMerge.

Apart from UserMerge, the other tools used for the steps above can be replaced with alternatives to generate the list, the web page with links and to visit those links. Any suggestions of your own? Your comments below are welcome!