On Wed, Jul 28, 2010 at 9:11 AM, Hiram Clawson hiram@soe.ucsc.edu wrote:
Good Morning MediaWiki Fans:
Our wiki site suffered a spam attack this weekend. (version 1.13.0) The attack evidently had some method to work-around the new account Captcha barrier, and the authorized user email allowed to edit setting. I'm curious if anyone else has encountered such attacks and if there are new ways to block bogus account creation.
It's probably a good idea to get some log details on those submissions to make sure there's not a bypass (at least double-check the MediaWiki debug logs to make sure it's listing captcha details?), but keep in mind that captchas are not an absolute preventer of spam... There are service firms that simply employ lots of people to type in captchas on your spambot's behalf.
-- brion