Re: Broken captcha

Hi, Garbee:

Just saw on MediaWiki-l thread that someone has had relative success with AbuseFilter.[1]

Julee
[1] http://lists.wikimedia.org/pipermail/mediawiki-l/2013-May/041202.html

----------------------------
julee@adobe.com
@adobejulee

From: Jonathan Garbee <jonathan.garbee@gmail.com<mailto:jonathan.garbee@gmail.com>>
Date: Monday, May 20, 2013 9:50 AM
To: "public-webplatform@w3.org<mailto:public-webplatform@w3.org>" <public-webplatform@w3.org<mailto:public-webplatform@w3.org>>
Subject: Broken captcha
Resent-From: <public-webplatform@w3.org<mailto:public-webplatform@w3.org>>
Resent-Date: Monday, May 20, 2013 9:51 AM

As infrastructure issue 26 [1] describes the captcha system is really not working at all. For the time being I am going to try and resolve the situation with the QuestyCaptcha method. This is a static associative array which sets questions and answers to be selected from. We can make it more dynamic of course since it is just PHP. In fact one thing I am thinking is a question that generates a random 4 digit number and asks for it in reverse.

That is a good short-term fix and possibly even medium to long-term as well. However, if people actually end up targeting WPD, then this kind of a system can be pretty easily figured out each time the array of questions/answers is changed. So it may be necessary at some point to simply use the reCaptcha method.

Should we simply go with QuestyCaptcha until it becomes an issue or use recaptcha from the start? Further, does anyone have any suggestions on other ways we could mitigate bot account creation and spamming of the docs?

Thanks,
-Garbee

[1] http://project.webplatform.org/infrastructure/issues/26

Received on Thursday, 23 May 2013 16:35:50 UTC