On Wed, Jul 28, 2010 at 9:11 AM, Hiram Clawson <hiram(a)soe.ucsc.edu> wrote:
Good Morning MediaWiki Fans:
Our wiki site suffered a spam attack this weekend. (version 1.13.0) The
attack evidently
had some method to work-around the new account Captcha barrier, and the
authorized user email allowed to edit setting. I'm curious if anyone
else has encountered such attacks and if there are new ways to block
bogus account creation.
It's probably a good idea to get some log details on those submissions to
make sure there's not a bypass (at least double-check the MediaWiki debug
logs to make sure it's listing captcha details?), but keep in mind that
captchas are not an absolute preventer of spam... There are service firms
that simply employ lots of people to type in captchas on your spambot's
behalf.
-- brion