On 10/29/07, Michael Daly <michael_daly(a)kayakwiki.org> wrote:
Emufarmers Sangly wrote:
Or, if you don't mind
sacrificing a bit of accessibility, you can just set the CAPTCHA to
trigger
on unregistered users' edits and registration
attempts.
I've had good luck doing this with reCaptcha. It eliminated (so far)
all user-creation bots and valdalbots.
I've used ReCAPTCHA, but I'm not sure how much better it is on the
accessibility front: Doesn't it require JavaScript? I'm also not sure how I
feel about the CAPTCAHs being centrally-stored: Part of the protectiveness
of CAPTCHAs comes in their being relatively unique to each site, so that it
isn't worthwhile to break them. Centralizing things removes that security
by obscurity protection. Of course, it also means that if the CAPTCHA is
broken, a centralized group can improve it, but if you're the kind of person
who distrusts centralized Web authorities, ReCAPTCHA might be a problem.
Between you, me, and the mailing list, I just use FancyCaptcha whenever I
can. I find it more lightweight. I haven't had any bots get past it
either, so any CAPTCHA's probably as good as any other for the average site
(beyond the simple math CAPTCHA!).
On 10/29/07, Chuck <chuck(a)mutualaid.org> wrote:
MediaWiki could improve its anti-spam pages by
creating a new page that
lists the kind of attacks that MediaWiki administrators are running into.
I had hoped that this fix would also stop the spambot which is creating
dummy user accounts with fake Russian email addresses. I stopped the
gibberish, but not the fake Russian accounts.
You could always start a page on
MediaWiki.org for this. (Look at <
http://meta.wikimedia.org/wiki/Anti-spam_features>gt;, <
http://www.mediawiki.org/wiki/Manual:Combating_spam>gt;, <
http://meta.wikimedia.org/wiki/Wiki_spam>gt;.)
--
Arr, ye emus,
http://emufarmers.com