When spammers hit your wiki

First, put the wiki on lockdown

To temporarily disable account creation and anonymous editing, a sysadmin can put this in LocalSettings.php:

$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['edit'] = false;

Then install Block and Nuke [1] extension. NB you need to edit BlockandNuke.php see [2].

This will block all users and delete their posts apart from those specified. It won't delete page revisions either.

SSH to your host, edit whitelist.txt and use

php ban.php --hammer

(it will do a dry run if you don't use the hammer!)

Only after this, try to use the web version if you feel you must. Don't worry if it doesn't work, continue here.

in the maintenence/ directory there are a few scripts to run with php-cli as well:

deleteArchivedRevisions.php to purge deleted edits from your database,

removeUnusedAccounts.php --delete to also purge accounts.

purgeOldText.php --purge

Find your users in the user table in the database and export them to an sql file. truncate the user table and then re-insert them.

Find from when the logging was screwed. Delete the logging from then (eg DELETE FROM `logging` WHERE log_timestamp like '20160612%')

NB This doesn't work!!! Find from when the revision was screwed. Delete the revision from then (eg DELETE FROM `revision` WHERE rev_timestamp like '20160612%'). To roll back a reverted page, click on the date of the version you want, edit it and save this page (put the word revert in the summary)

Find from when the archive was screwed. Delete the archive from then (if there is any left after deleteArchivedRevisions)

Then you need to start emptying from the following tables in the database: filearchive, ipblocks, i10n_cache, objectcache, querycachetwo, recentchanges