Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Wikipedia: Mediawiki

CAPTCHA recommendation for account-creation bots?

 

 

Wikipedia mediawiki RSS feed   Index | Next | Previous | View Threaded


danb at VistaPrint

Feb 27, 2012, 9:57 AM

Post #1 of 18 (1701 views)
Permalink
CAPTCHA recommendation for account-creation bots?

Spam bots are creating accounts on my music wiki (http://www.blazemonger.com/GG/Special:RecentChanges). What is the best extension to prevent this? I installed ConfirmEdit and tried the default CAPTCHA (SimpleCAPTCHA) but it didn't stop the bots. Before I experiment with the many other options, I thought I'd ask what people recommend.

Fortunately the bots can't edit articles, just create useless accounts.

Thanks,
DanB

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


eluken at pentarch

Feb 27, 2012, 10:34 AM

Post #2 of 18 (1666 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

I ended up linking accounts on my wiki to the associated SMF forum. Since
the account creation there human moderated, I've had zero bot accounts on
the wiki since. Now I just need to go through and clean out the bots from
the wiki.

Erik

-----Original Message-----
From: Daniel Barrett
Sent: Monday, February 27, 2012 11:57
To: MediaWiki announcements and site admin list
Subject: [Mediawiki-l] CAPTCHA recommendation for account-creation bots?

Spam bots are creating accounts on my music wiki
(http://www.blazemonger.com/GG/Special:RecentChanges). What is the best
extension to prevent this? I installed ConfirmEdit and tried the default
CAPTCHA (SimpleCAPTCHA) but it didn't stop the bots. Before I experiment
with the many other options, I thought I'd ask what people recommend.

Fortunately the bots can't edit articles, just create useless accounts.

Thanks,
DanB

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


2007 at gmaskfx

Feb 27, 2012, 10:35 AM

Post #3 of 18 (1666 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

You can try ReCaptcha but I found that questy captcha works really well. I just ask the user a really dumb question like where is Tokyo?



________________________________
From: Daniel Barrett <danb [at] VistaPrint>
To: MediaWiki announcements and site admin list <mediawiki-l [at] lists>
Sent: Monday, February 27, 2012 9:57 AM
Subject: [Mediawiki-l] CAPTCHA recommendation for account-creation bots?

Spam bots are creating accounts on my music wiki (http://www.blazemonger.com/GG/Special:RecentChanges). What is the best extension to prevent this? I installed ConfirmEdit and tried the default CAPTCHA (SimpleCAPTCHA) but it didn't stop the bots.  Before I experiment with the many other options, I thought I'd ask what people recommend.

Fortunately the bots can't edit articles, just create useless accounts.

Thanks,
DanB

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


dvd at enlloc

Feb 27, 2012, 11:06 AM

Post #4 of 18 (1674 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

My experience is that ReCaptcha is broken and the spammers pass it.
My best experience is with questy captcha as well. You can ask for
something in the interface or some simple question like "How many ears
have got tree elephants?"

El dl 27 de 02 de 2012 a les 10:35 -0800, en/na 2007 [at] gmaskfx va
escriure:
> You can try ReCaptcha but I found that questy captcha works really well. I just ask the user a really dumb question like where is Tokyo?
>
>
>
> ________________________________
> From: Daniel Barrett <danb [at] VistaPrint>
> To: MediaWiki announcements and site admin list <mediawiki-l [at] lists>
> Sent: Monday, February 27, 2012 9:57 AM
> Subject: [Mediawiki-l] CAPTCHA recommendation for account-creation bots?
>
> Spam bots are creating accounts on my music wiki (http://www.blazemonger.com/GG/Special:RecentChanges). What is the best extension to prevent this? I installed ConfirmEdit and tried the default CAPTCHA (SimpleCAPTCHA) but it didn't stop the bots. Before I experiment with the many other options, I thought I'd ask what people recommend.
>
> Fortunately the bots can't edit articles, just create useless accounts.
>
> Thanks,
> DanB
>
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l [at] lists
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l [at] lists
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l



_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


Frank.Ralf at gmx

Feb 27, 2012, 11:19 AM

Post #5 of 18 (1661 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

> Before I experiment with the many other options, I thought I'd ask what people recommend.

Hi Dan,

I don't have any experience with MediaWiki antispam solutions but with Drupal I use http://drupal.org/project/spamicide: "Spamicide adds an input field to each form then hides it with css, when spam bots fill in the field the form is discarded."

That's not only much more userfriendly as it doesn't require any extra effort from the user but quite effectiv for preventing spam. I shouldn't be to difficult to use the same mechanism in an extension.

hth
Frank

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


Frank.Ralf at gmx

Feb 27, 2012, 11:21 AM

Post #6 of 18 (1664 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

> I shouldn't be to difficult to use the same mechanism in an extension.

And here it is: http://www.mediawiki.org/wiki/Extension:SimpleAntiSpam ;-)



_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


lists at nadir-seen-fire

Feb 27, 2012, 11:23 AM

Post #7 of 18 (1661 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

On Mon, 27 Feb 2012 11:19:48 -0800, Frank Ralf <Frank.Ralf [at] gmx> wrote:

>> Before I experiment with the many other options, I thought I'd ask what
>> people recommend.
>
> Hi Dan,
>
> I don't have any experience with MediaWiki antispam solutions but with
> Drupal I use http://drupal.org/project/spamicide: "Spamicide adds an
> input field to each form then hides it with css, when spam bots fill in
> the field the form is discarded."
>
> That's not only much more userfriendly as it doesn't require any extra
> effort from the user but quite effectiv for preventing spam. I shouldn't
> be to difficult to use the same mechanism in an extension.
>
> hth
> Frank

We have that too:
https://www.mediawiki.org/wiki/Extension:SimpleAntiSpam

But if the bot is smart enough to register for accounts and handle
captchas, it might not be easily tripped up by such a simple measure.

--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


sumanah at wikimedia

Feb 27, 2012, 11:49 AM

Post #8 of 18 (1684 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

On 02/27/2012 02:17 PM, mediawiki-l-request [at] lists wrote:
> Date: Mon, 27 Feb 2012 17:57:14 +0000
> From: Daniel Barrett <danb [at] VistaPrint>
> To: MediaWiki announcements and site admin list
> <mediawiki-l [at] lists>
> Subject: [Mediawiki-l] CAPTCHA recommendation for account-creation
> bots?
> Message-ID:
> <68CF225601ADF74BA1F8A2511535F85D0A9D20DB [at] WNDMAIL02>
> Content-Type: text/plain; charset="us-ascii"
>
> Spam bots are creating accounts on my music wiki (http://www.blazemonger.com/GG/Special:RecentChanges). What is the best extension to prevent this? I installed ConfirmEdit and tried the default CAPTCHA (SimpleCAPTCHA) but it didn't stop the bots. Before I experiment with the many other options, I thought I'd ask what people recommend.
>
> Fortunately the bots can't edit articles, just create useless accounts.
>
> Thanks,
> DanB

I'll take this opportunity to point out that Dan's not the only one.
People who run MediaWiki instances come into IRC (#mediawiki) every day
asking for help fighting spam and vandalism. Some emails that have come
my way (reprinted with permission):

Jason Vertrees wrote:
> HI Sumana,
>
> After opening up my wiki for free registration, I immediately got
> three spam accounts. One turned into real spam being injected into and
> then cleaned from the wiki. None of the methods aside from preventing
> self-registration seem to work against spam. Unfortunately, this also
> prevents growth.
>
> I read the links you provided--do you have anything else more proactive?
>
> Thanks,
>
> -- Jason


Sergey Chernyshev wrote:
"Do you by any chance know a reliable way to combat spam? I'm tired of
the hordes of spammers attacking my MW projects.... Unfortunately, I'm
well aware of current anti-spam features and none of them simplify the
spam combat to the level similar to WordPress, for example."
(http://www.mediawikiwidgets.org/)

Anne Gray wrote of sfeditorwatch.com and sfartistwatch.com, which have
Google Analytics, ReCaptcha and Bad Behavior installed:
>
> Thank you for offering to help try to figure out what's gone wrong
> with sfeditorwatch.com and sfartistwatch.com. Cheryl's email reminds
> me that activity on the sf editors wiki was really picking up for a
> while, the year before it started getting attention from spambots.
> Once I started having to protect pages to keep from losing content and
> the wiki started being full of spam, participation declined sharply.
> It rapidly hit the point where I as an administrator couldn't possibly
> hope to keep up. Then reCaptcha broke and people *couldn't* edit
> their own pages. At this point, I'm pretty sure bots are almost the
> only thing active there....
[snip]
> Sfartistwatch never really took off partly, I think, because it's
> really non-obvious how to post images (I still have never learned).
> And I'm worried that if we turn it on, it will get hit by the kind of
> spammers that are posting hundreds of spam images to the Carl Brandon
> society wiki...
>
> I don't know enough to set up bots to patrol, to set up notifications
> so that I as the administrator can "watch" all the pages, or to use
> scripts or whatever to nuke the massive amounts of spam pages that are
> created regularly. Bots are clearly getting past recaptcha to
> register users (they're doing that on the carl brandon wiki, too), and
> the "Random page" button is totally useless for a visitor who is
> actually interested in the topic of the wiki (is there a way to
> reprogram that, so it only selects a random page that has a category,
> at least? (it would be sooo nice, when you Block a user for spam or
> vandalism, for the following page to list pages that user created,
> with checkboxes beside them, and provide the option to select all of
> them at once and delete them. Even better if it gave the option of
> automatically protecting against future re-creation of those spam
> pages.)...

Most of these administrators are smart people who just need a little
help fighting the bots. It sounds like the recommendations from this
group so far are:

* https://www.mediawiki.org/wiki/Extension:QuestyCaptcha , a plugin for
the ConfirmEdit extension
* http://www.mediawiki.org/wiki/Extension:SimpleAntiSpam

so I've added those to these help pages:

* https://www.mediawiki.org/wiki/Anti-spam_features
* https://www.mediawiki.org/wiki/Manual:Combating_spam
* https://www.mediawiki.org/wiki/Manual:Combating_vandalism

and welcome additional improvements to those docs, especially if
recommendations that are in there right now are no longer worthy of
recommendation.

Also, anyone want to take a crack at cleaning out what's no longer
applicable in https://www.mediawiki.org/wiki/Spam_Filter so I can
suggest it as a project for contributors?
--
Sumana Harihareswara
Volunteer Development Coordinator
Wikimedia Foundation

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


pinkunderscoregothic at gmail

Feb 27, 2012, 1:51 PM

Post #9 of 18 (1660 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

"Sent via BlackBerry from Smart"

-----Original Message-----
From: Sumana Harihareswara <sumanah [at] wikimedia>
Sender: mediawiki-l-bounces [at] lists
Date: Mon, 27 Feb 2012 14:49:58
To: <mediawiki-l [at] lists>
Reply-To: MediaWiki announcements and site admin list
<mediawiki-l [at] lists>
Subject: Re: [Mediawiki-l] CAPTCHA recommendation for account-creation bots?

On 02/27/2012 02:17 PM, mediawiki-l-request [at] lists wrote:
> Date: Mon, 27 Feb 2012 17:57:14 +0000
> From: Daniel Barrett <danb [at] VistaPrint>
> To: MediaWiki announcements and site admin list
> <mediawiki-l [at] lists>
> Subject: [Mediawiki-l] CAPTCHA recommendation for account-creation
> bots?
> Message-ID:
> <68CF225601ADF74BA1F8A2511535F85D0A9D20DB [at] WNDMAIL02>
> Content-Type: text/plain; charset="us-ascii"
>
> Spam bots are creating accounts on my music wiki (http://www.blazemonger.com/GG/Special:RecentChanges). What is the best extension to prevent this? I installed ConfirmEdit and tried the default CAPTCHA (SimpleCAPTCHA) but it didn't stop the bots. Before I experiment with the many other options, I thought I'd ask what people recommend.
>
> Fortunately the bots can't edit articles, just create useless accounts.
>
> Thanks,
> DanB

I'll take this opportunity to point out that Dan's not the only one.
People who run MediaWiki instances come into IRC (#mediawiki) every day
asking for help fighting spam and vandalism. Some emails that have come
my way (reprinted with permission):

Jason Vertrees wrote:
> HI Sumana,
>
> After opening up my wiki for free registration, I immediately got
> three spam accounts. One turned into real spam being injected into and
> then cleaned from the wiki. None of the methods aside from preventing
> self-registration seem to work against spam. Unfortunately, this also
> prevents growth.
>
> I read the links you provided--do you have anything else more proactive?
>
> Thanks,
>
> -- Jason


Sergey Chernyshev wrote:
"Do you by any chance know a reliable way to combat spam? I'm tired of
the hordes of spammers attacking my MW projects.... Unfortunately, I'm
well aware of current anti-spam features and none of them simplify the
spam combat to the level similar to WordPress, for example."
(http://www.mediawikiwidgets.org/)

Anne Gray wrote of sfeditorwatch.com and sfartistwatch.com, which have
Google Analytics, ReCaptcha and Bad Behavior installed:
>
> Thank you for offering to help try to figure out what's gone wrong
> with sfeditorwatch.com and sfartistwatch.com. Cheryl's email reminds
> me that activity on the sf editors wiki was really picking up for a
> while, the year before it started getting attention from spambots.
> Once I started having to protect pages to keep from losing content and
> the wiki started being full of spam, participation declined sharply.
> It rapidly hit the point where I as an administrator couldn't possibly
> hope to keep up. Then reCaptcha broke and people *couldn't* edit
> their own pages. At this point, I'm pretty sure bots are almost the
> only thing active there....
[snip]
> Sfartistwatch never really took off partly, I think, because it's
> really non-obvious how to post images (I still have never learned).
> And I'm worried that if we turn it on, it will get hit by the kind of
> spammers that are posting hundreds of spam images to the Carl Brandon
> society wiki...
>
> I don't know enough to set up bots to patrol, to set up notifications
> so that I as the administrator can "watch" all the pages, or to use
> scripts or whatever to nuke the massive amounts of spam pages that are
> created regularly. Bots are clearly getting past recaptcha to
> register users (they're doing that on the carl brandon wiki, too), and
> the "Random page" button is totally useless for a visitor who is
> actually interested in the topic of the wiki (is there a way to
> reprogram that, so it only selects a random page that has a category,
> at least? (it would be sooo nice, when you Block a user for spam or
> vandalism, for the following page to list pages that user created,
> with checkboxes beside them, and provide the option to select all of
> them at once and delete them. Even better if it gave the option of
> automatically protecting against future re-creation of those spam
> pages.)...

Most of these administrators are smart people who just need a little
help fighting the bots. It sounds like the recommendations from this
group so far are:

* https://www.mediawiki.org/wiki/Extension:QuestyCaptcha , a plugin for
the ConfirmEdit extension
* http://www.mediawiki.org/wiki/Extension:SimpleAntiSpam

so I've added those to these help pages:

* https://www.mediawiki.org/wiki/Anti-spam_features
* https://www.mediawiki.org/wiki/Manual:Combating_spam
* https://www.mediawiki.org/wiki/Manual:Combating_vandalism

and welcome additional improvements to those docs, especially if
recommendations that are in there right now are no longer worthy of
recommendation.

Also, anyone want to take a crack at cleaning out what's no longer
applicable in https://www.mediawiki.org/wiki/Spam_Filter so I can
suggest it as a project for contributors?
--
Sumana Harihareswara
Volunteer Development Coordinator
Wikimedia Foundation

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


pinkunderscoregothic at gmail

Feb 27, 2012, 1:51 PM

Post #10 of 18 (1669 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

"Sent via BlackBerry from Smart"

-----Original Message-----
From: "Daniel Friesen" <lists [at] nadir-seen-fire>
Sender: mediawiki-l-bounces [at] lists
Date: Mon, 27 Feb 2012 11:23:25
To: mediawiki-l [at] lists<mediawiki-l [at] lists>
Reply-To: daniel [at] nadir-seen-fire,
MediaWiki announcements and site admin list
<mediawiki-l [at] lists>
Subject: Re: [Mediawiki-l] CAPTCHA recommendation for account-creation bots?

On Mon, 27 Feb 2012 11:19:48 -0800, Frank Ralf <Frank.Ralf [at] gmx> wrote:

>> Before I experiment with the many other options, I thought I'd ask what
>> people recommend.
>
> Hi Dan,
>
> I don't have any experience with MediaWiki antispam solutions but with
> Drupal I use http://drupal.org/project/spamicide: "Spamicide adds an
> input field to each form then hides it with css, when spam bots fill in
> the field the form is discarded."
>
> That's not only much more userfriendly as it doesn't require any extra
> effort from the user but quite effectiv for preventing spam. I shouldn't
> be to difficult to use the same mechanism in an extension.
>
> hth
> Frank

We have that too:
https://www.mediawiki.org/wiki/Extension:SimpleAntiSpam

But if the bot is smart enough to register for accounts and handle
captchas, it might not be easily tripped up by such a simple measure.

--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


emufarmers at gmail

Feb 27, 2012, 3:32 PM

Post #11 of 18 (1653 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

ReCAPTCHA is so conceptually flawed that it would be a poor solution
even if it weren't cracked. FancyCaptcha is good (but still at least
sometimes bypassed in practice), but the requirements for setting it
up put it out of reach for many wikis. I'm a fan of QuestyCaptcha,
but I'm biased. :-)

On Mon, Feb 27, 2012 at 2:23 PM, Daniel Friesen
<lists [at] nadir-seen-fire> wrote:
> But if the bot is smart enough to register for accounts and handle captchas,
> it might not be easily tripped up by such a simple measure.

Has anybody taken a comprehensive look at the effectiveness of various
solutions in practice? Of particular importance would be determining
whether CAPTCHAs are usually broken in the wild via OCR or by farming
them out to humans.

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


jidanni at jidanni

Feb 27, 2012, 5:03 PM

Post #12 of 18 (1656 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

I now rely on Ms. Nurdsbaum in room B-303,
http://www.mediawiki.org/wiki/Manual:Preventing_access#Restrict_account_creation

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


lists at nadir-seen-fire

Feb 27, 2012, 5:09 PM

Post #13 of 18 (1654 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

On Mon, 27 Feb 2012 17:03:12 -0800, <jidanni [at] jidanni> wrote:

> I now rely on Ms. Nurdsbaum in room B-303,
> http://www.mediawiki.org/wiki/Manual:Preventing_access#Restrict_account_creation

^_^ Some of us like to use our wiki as... well, a wiki.
You know, one of those websites that anyone can register for and edit.
You know what they are, right?

--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


annew at kde

Feb 28, 2012, 1:49 AM

Post #14 of 18 (1653 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 27/02/12 18:35, 2007 [at] gmaskfx wrote:
> You can try ReCaptcha but I found that questy captcha works really
> well. I just ask the user a really dumb question like where is
> Tokyo?
>
Questy has dropped our spam to almost nil. The nice thing is that you
can define a few such simple questions, and have them randomly
offered, making "learning" more difficult for spammers.

Anne

- --
Need KDE help? Try
http://userbase.kde.org or
http://forum.kde.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9MoyUACgkQj93fyh4cnBf9UQCeIaQMPZP1xp2kSxJVaPx4G6kH
iGIAniKGFt/28Md7PlcX+LLbagbt2oP4
=ir6O
-----END PGP SIGNATURE-----

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


danb at VistaPrint

Feb 28, 2012, 12:27 PM

Post #15 of 18 (1652 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

Thanks to everyone for your recommendations. I switched to QuestyCaptcha and the spam account-creations have stopped for the past 24 hours. A good sign.

DanB

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


fgrose at gmail

Feb 28, 2012, 8:42 PM

Post #16 of 18 (1653 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

On Mon, Feb 27, 2012 at 9:57 AM, Daniel Barrett <danb [at] vistaprint> wrote:

> Spam bots are creating accounts on my music wiki (
> http://www.blazemonger.com/GG/Special:RecentChanges). What is the best
> extension to prevent this? I installed ConfirmEdit and tried the default
> CAPTCHA (SimpleCAPTCHA) but it didn't stop the bots. Before I experiment
> with the many other options, I thought I'd ask what people recommend.
>
> Fortunately the bots can't edit articles, just create useless accounts.
>
> Thanks,
> DanB
>

Requiring OpenID for new accounts is also effective.
http://www.mediawiki.org/wiki/Extension:OpenID
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


Platonides at gmail

Mar 5, 2012, 1:32 PM

Post #17 of 18 (1604 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

On 28/02/12 00:32, Benjamin Lees wrote:
> ReCAPTCHA is so conceptually flawed that it would be a poor solution
> even if it weren't cracked. FancyCaptcha is good (but still at least
> sometimes bypassed in practice), but the requirements for setting it
> up put it out of reach for many wikis.

I think you could generate the captcha images locally and upload them to
the server. It's much easier to fullfil the python requisites at the
user box than in the server.
I don't think it has been proposed before, though. But with a good
documentation, that could be a much nice path for FancyCaptcha users.


_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l


emufarmers at gmail

Mar 6, 2012, 6:19 PM

Post #18 of 18 (1608 views)
Permalink
Re: CAPTCHA recommendation for account-creation bots? [In reply to]

On Mon, Mar 5, 2012 at 4:32 PM, Platonides <Platonides [at] gmail> wrote:
> I think you could generate the captcha images locally and upload them to
> the server. It's much easier to fullfil the python requisites at the
> user box than in the server.
> I don't think it has been proposed before, though. But with a good
> documentation, that could be a much nice path for FancyCaptcha users.

That approach certainly works, but given how difficult the average
user (especially the average user on shared hosting) finds the
process, I'm not sure how practical it would end up being.
But document it and prove me wrong. :-)

It could also be possible to replace the Python script with something
written entirely in PHP, using GD or whatever. Maybe. But if it
turns out that bots are getting through it just as easily as
reCAPTCHA, then there's not much point.

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l

Wikipedia mediawiki RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.