Re: Broken captcha

They are using QuestyCaptcha (the first thing I am implementing) as well.
Our current captcha does nothing, it is always 2+3 which any bot can figure
out and put in (or just be told what to do.) Fighting spam has no golden
bullet except only allowing confirmed people to edit (but that gets insane
and increases barrier to entry.) Yes, we need to improve our AbuseFilters
which frozenice and I are working on. The MicroFormats wiki is also having
horrible spam issues, I'm going to try and work with them on filters and
port them over to WPD (and visa-versa if we have some they don't.) That way
each wiki can get better. Someone in the MicroFormats IRC channel mentioned
they help admin a wiki as well, so we should be able to get some better
filters in place. We still need to stop account creation though, which is
where the captcha system comes in.

The effectiveness of captchas and AbuseFilters for wiki goes without
saying. They are two very well-known and effective tools. They just need to
be used together to get the most benefit. All the spam accounts just being
made is putting extra load on our infrastructure since we are storing the
crap data and backing it up. :/

On Thu, May 23, 2013 at 12:33 PM, Julee Burdekin <> wrote:

> Hi, Garbee:
> Just saw on MediaWiki-l thread that someone has had relative success with AbuseFilter.[1]
> Julee
> [1]
> ----------------------------
> @adobejulee
> From: Jonathan Garbee <>
> Date: Monday, May 20, 2013 9:50 AM
> To: "" <>
> Subject: Broken captcha
> Resent-From: <>
> Resent-Date: Monday, May 20, 2013 9:51 AM
> As infrastructure issue 26 [1] describes the captcha system is really not
> working at all. For the time being I am going to try and resolve the
> situation with the QuestyCaptcha method. This is a static associative array
> which sets questions and answers to be selected from. We can make it more
> dynamic of course since it is just PHP. In fact one thing I am thinking is
> a question that generates a random 4 digit number and asks for it in
> reverse.
> That is a good short-term fix and possibly even medium to long-term as
> well. However, if people actually end up targeting WPD, then this kind of a
> system can be pretty easily figured out each time the array of
> questions/answers is changed. So it may be necessary at some point to
> simply use the reCaptcha method.
> Should we simply go with QuestyCaptcha until it becomes an issue or use
> recaptcha from the start? Further, does anyone have any suggestions on
> other ways we could mitigate bot account creation and spamming of the docs?
> Thanks,
> -Garbee
> [1]

Received on Thursday, 23 May 2013 17:40:55 UTC