Hi All,
I have QuestyCaptcha working on http://teflpedia.com. However, for some reason it fails to challenge users on bad login (multiple failed login attempts is not producing the captcha challenge). In LocalSettings.php I tried the following settings (from http://www.mediawiki.org/wiki/Extension:ConfirmEdit#Configuration):
$wgCaptchaTriggers['badlogin'] = true;
But that allowed serial bad login attempts without triggering captcha challenge. So then I tried "false":
$wgCaptchaTriggers['badlogin'] = false;
But that also allowed multiple failed login attempts without triggering captcha challenge.
Any ideas why bad login attempts are not producing captcha challenge?
Say, I tried multiple (8 or so) bad login attempts on mediawiki.org just now and then got:
Login error You have made too many recent login attempts. Please wait before trying again.
No captcha challenge, just a time out. I like that. Is there an extension I can install that will do that on my wiki (nothing in http://www.mediawiki.org/wiki/Special:Version seemed obvious to me)?
Roger http://teflpedia.com/Special:Version (running MediaWiki 1.18.1 with the included ConfirmEdit version)
On Mon, Feb 20, 2012 at 6:12 PM, roger@rogerchrisman.com wrote:
I have QuestyCaptcha working on http://teflpedia.com. However, for some reason it fails to challenge users on bad login (multiple failed login attempts is not producing the captcha challenge).
What happens if you use a different captcha module? I'd like to know if this is a problem with the extension or the module.
No captcha challenge, just a time out. I like that. Is there an extension I can install that will do that on my wiki (nothing in http://www.mediawiki.org/wiki/Special:Version seemed obvious to me)?
$wgPasswordAttemptThrottle
Thanks Ben,
On Mon, Feb 20, 2012 at 3:45 PM, Benjamin Lees emufarmers@gmail.com wrote:
On Mon, Feb 20, 2012 at 6:12 PM, roger@rogerchrisman.com wrote:
I have QuestyCaptcha working on http://teflpedia.com. However, for some reason it fails to challenge users on bad login (multiple failed login attempts is not producing the captcha challenge).
What happens if you use a different captcha module? I'd like to know if this is a problem with the extension or the module.
I don't know. If I get a moment, I will try to find out and reply.
No captcha challenge, just a time out. I like that. Is there an extension I can install that will do that on my wiki (nothing in http://www.mediawiki.org/wiki/Special:Version seemed obvious to me)?
$wgPasswordAttemptThrottle
I see, on http://www.mediawiki.org/wiki/Manual:$wgPasswordAttemptThrottle, that "Memcached must be enabled for this setting to work properly." My wiki is a low usage wiki on a shared Web hosting account and I think Memcached may be more than I want to attempt. So I guess I should not try $wgPasswordAttemptThrottle.
Roger
On Mon, Feb 20, 2012 at 4:20 PM, roger@rogerchrisman.com wrote:
Thanks Ben,
On Mon, Feb 20, 2012 at 3:45 PM, Benjamin Lees emufarmers@gmail.com wrote:
On Mon, Feb 20, 2012 at 6:12 PM, roger@rogerchrisman.com wrote:
I have QuestyCaptcha working on http://teflpedia.com. However, for some reason it fails to challenge users on bad login (multiple failed login attempts is not producing the captcha challenge).
What happens if you use a different captcha module? I'd like to know if this is a problem with the extension or the module.
I don't know. If I get a moment, I will try to find out and reply.
Okay did that: I now have http://teflpedia.com using ConfirmEdit's default simple math captcha, and I have this set in LocalSettings.php:
$wgCaptchaTriggers['badlogin'] = true; //default
But multiple bad login attempts are not triggering captcha challenge. I will leave it set per above for one hour, then change back to QuestyCaptcha.
Am I supposed to set somewhere how many consecutive bad login attempts should trigger the captcha challenge?
Roger
On Mon, Feb 20, 2012 at 7:20 PM, roger@rogerchrisman.com wrote:
I see, on http://www.mediawiki.org/wiki/Manual:$wgPasswordAttemptThrottle, that "Memcached must be enabled for this setting to work properly."
That message is wrong (or outdated). I did some testing, and it appears $wgMainCacheType just has to be set to something other than CACHE_NONE.
On Mon, Feb 20, 2012 at 7:34 PM, roger@rogerchrisman.com wrote:
Am I supposed to set somewhere how many consecutive bad login attempts should trigger the captcha challenge?
It's triggered after 3 attempts. Like $wgPasswordAttemptThrottle, it requires that $wgMainCacheType be set to something other than CACHE_NONE (CACHE_DB seems to do the trick, if you don't have any accelerator available).
mediawiki-l@lists.wikimedia.org