Broken captcha

As infrastructure issue 26 [1] describes the captcha system is really not
working at all. For the time being I am going to try and resolve the
situation with the QuestyCaptcha method. This is a static associative array
which sets questions and answers to be selected from. We can make it more
dynamic of course since it is just PHP. In fact one thing I am thinking is
a question that generates a random 4 digit number and asks for it in
reverse.

That is a good short-term fix and possibly even medium to long-term as
well. However, if people actually end up targeting WPD, then this kind of a
system can be pretty easily figured out each time the array of
questions/answers is changed. So it may be necessary at some point to
simply use the reCaptcha method.

Should we simply go with QuestyCaptcha until it becomes an issue or use
recaptcha from the start? Further, does anyone have any suggestions on
other ways we could mitigate bot account creation and spamming of the docs?

Thanks,
-Garbee

[1] http://project.webplatform.org/infrastructure/issues/26

Received on Monday, 20 May 2013 16:51:28 UTC