I have the CheckUser extension to the Mediawiki software installed, which allows me to see the IP address of any user without having to directly query the underlying database. For the first few weeks of operation of Fractured Fairfax at its new home I made good use of it, adding the IP address of any spammer to the block log and deleting their spam within minutes of it appearing on Fractured Fairfax.
However, this is the same methodology I was using with the old incarnation of Fractured Fairfax, and it's like trying to empty a lake with a shovel: you can do it, but it's tedious and you can't help but think there's a better way to get the job done.
What I wound up doing was first closing Fractured Fairfax to anonymous editing by editing the LocalSettings.php file like so:
# Anonymous users can't create or edit pages
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['edit'] = false;
Next, I made it so that only registered users with accounts older than five days could edit:
#Only users with accounts five days old or older can edit or create pages or talk pages
$wgGroupPermissions['user' ]['createpage'] = false;
$wgGroupPermissions['user' ]['createtalk'] = false;
$wgGroupPermissions['user' ]['edit'] = false;
$wgGroupPermissions['autoconfirmed']['createpage'] = true;
$wgGroupPermissions['autoconfirmed']['createtalk'] = true;
$wgGroupPermissions['autoconfirmed']['edit'] = true;
$wgAutoConfirmAge = 86400 * 5; # Five days times 86400 seconds/day
However, this still allowed the spambots to edit their own talk pages and post their shit, and I'd have to go in and manually delete it. Disabling the ability to create pages or talk pages did not stop it, so my next step was to protect all the pages in the User Talk namespace.
First I created the new "usertalkedit" array which allowed me to apply protection to pages in the User Talk namespace:
#Create the usertalkedit array
$wgNamespaceProtection[NS_USER_TALK] = array('usertalkedit');
Then I added permissions so that only people who were autoconfirmed or sysops could edit pages in the User Talk namespace:
$wgGroupPermissions['*']['usertalkedit'] = false; #no anonymous users
$wgGroupPermissions['user']['usertalkedit'] = false; #no regular users
$wgGroupPermissions['autoconfirmed']['usertalkedit'] = true; #autoconfirmed users
$wgGroupPermissions['sysop']['usertalkedit'] = true; #sysops
So, at this point you could only edit pages (including User Talk pages) if you had an account that was older than five days or if you were a sysop. I envisioned a case where someone might want to edit pages but not have to wait five days, so I went ahead and created another group of users called "manualconfirmed", which has the same permissions as an autoconfirmed user, but since I can add people to that group as a sysop, they won't have to wait the full five days.
#Add a new group called "manualconfirmed"
#this has all the same permissions as an autoconfirmed user, but without the wait
$wgGroupPermissions['manualconfirmed'] = $wgGroupPermissions['user'];
$wgGroupPermissions['manualconfirmed']['edit'] = true;
$wgGroupPermissions['manualconfirmed']['createpage'] = true;
$wgGroupPermissions['manualconfirmed']['createtalk'] = true;
$wgGroupPermissions['manualconfirmed']['usertalkedit'] = true;