If you don't want to use the export-and-reinstall method suggested by danlefree, you might also find the Nuke extension useful. Once installed, visiting the special page Special:Nuke as an administrator gives you a form like this:
![Screenshot of MediaWiki Nuke extension interface](https://cdn.statically.io/img/i.sstatic.net/MPAju.png)
There are also several built-in MediaWiki maintenance scripts that could be useful, including:
cleanupSpam.php, which can be used to rollback and/or delete all revisions containing a link to a particular hostname,
deleteBatch.php, which can be used to delete all pages listed in a file, and
rollbackEdits.php (which doesn't currently seem to have proper on-wiki documentation), which can be used to roll back all edits of a specified user.
Spam cleanup using direct database access
It's also be possible to do what you want by directly manipulating the database. There details can vary a bit depending on your situation, but the basic steps would go something like this:
Set your wiki to read-only mode. You do not want someone to try editing the wiki while you're messing with the database.
Make a backup of your wiki. (This is highly recommended before any irreversible mass deletions anyway.)
Delete all user accounts created by the spammers. If, as in the question above, you were the only valid user, you can just do:
DELETE FROM user WHERE user_id != YOUR_USER_ID;
Alternatively, if no new valid accounts were created after the spammers discovered the wiki, you can find the highest valid user ID number and do:
DELETE FROM user WHERE user_id > LAST_VALID_USER_ID;
Or you can use an admin tool like phpMyAdmin to manually pick out the valid accounts and delete the rest.
Clean up the extra data associated with the deleted accounts. This is not strictly necessary, but those orphaned records have no use and will just clutter your database if you don't delete them:
DELETE FROM user_groups WHERE ug_user NOT IN (SELECT user_id FROM user);
DELETE FROM user_properties WHERE up_user NOT IN (SELECT user_id FROM user);
DELETE FROM user_newtalk WHERE user_id NOT IN (SELECT user_id FROM user);
Delete any revisions not made by a valid user:
This is the big step; everything before it was preparation, everything after it is cleanup. With all the spam accounts deleted, you can simply do:
DELETE FROM revision WHERE rev_user > 0 AND rev_user NOT IN (SELECT user_id FROM user);
If your wiki had anonymous editing disabled (which I strongly recommend for private / test wikis), the query above should be enough to get rid of all the spam revisions. If you had anon editing enabled, though, you'll have to nuke the anonymous spam separately.
If you're sure that all anon edits on your wiki are spam, the only edits made by UID 0 that we may need to preserve are those made by MediaWiki itself (such as pages imported from outside the wiki). In that case, something like the following query should work:
DELETE FROM revision WHERE rev_user = 0 AND rev_user_text BETWEEN '1' AND '999';
This will delete any revisions by UID 0 where the username looks (vaguely) like an IPv4 address; that is, it starts with a digit between 1 and 9.
If your wiki has some actual legitimate anon edits, you may have to get a bit more creative. If the number of IP addresses used by legitimate unregistered editors is limited, you can just add a clause like AND rev_user_text NOT IN ('1.2.3.4', '5.6.7.8', '9.10.11.12')
to the query above to exclude contributions by those IPs from deletion. You can also add conditions like, say, AND rev_user_text NOT LIKE '192.168.%'
to save all edits from IP addresses beginning with a particular prefix.
The queries above will get rid of the spam revisions (although their content will still remain in the text
table), but will leave the page_latest
field of any affected pages pointing to a nonexistent revision. This could cause confusion, so we'd better fix it.
First, we need to wipe out the page_latest
column for all pages:
UPDATE page SET page_latest = 0;
Next, we'll rebuild the column, either by running the attachLatest.php maintenance script (recommended; remember to use the --fix
parameter so that the script actually changes the database) or with a manual SQL query:
UPDATE page SET page_latest =
(SELECT MAX(rev_id) FROM revision WHERE rev_page = page_id);
Finally, we'll delete all pages for which no valid revisions could be found (because they were created by spammers, and never had any valid content):
DELETE FROM page WHERE page_latest = 0;
For a final touch, rebuild the links, text index and recent changes tables by running the rebuildall.php maintenance script. You may also want to remove the content of the deleted spam revisions from the database, so that they won't take up unnecessary space there, by running the purgeOldText.php maintenance script.
Once that's all done, check that everything looks good, and if so, turn off read-only mode — hopefully after installing some anti-spam features to keep the problem from reoccurring.
For small wikis, I highly recommend the QuestyCaptcha extension, which allows you to configure a simple custom text-based CAPTCHA. The trick is that, with every wiki having its own set of questions, programming a spambot to answer them correctly would be a lot of work for very little gain. I installed it on my own wiki after getting hit by XRumer a couple of times, and have seen no spam ever since.
Ps. I have used these instructions to nuke about 35,000 spam revisions created by equally many users from a small wiki. Everything went fine. In this particular case, the wiki (fortunately!) did not allow anonymous editing, and almost all of the legitimate users were created before the spammers found the wiki, so I could fairly easily first delete all the spam accounts, and then all the revisions they'd created. (I did accidentally delete one legitimate account at first, so I had to restore from backup and redo the process more carefully.) I've updated the instructions above to better reflect what I actually ended up doing, and to be a bit more generic.