Tim Starling wrote:
Captchas could slow down the attack somewhat. Let's say he uses 10 IP addresses on 7 wikis. That means he would have to perform about 70 captchas. If each captcha takes 10 seconds, then it would require about 11 minutes of human time to perform the attack. Of course, he spent far longer than 11 minutes developing the bot, but it does put a practical limit on the scale and speed of the attack.
It also means that he has to display what's going on in a browser, rather than doing the whole thing from a perl script for example. To me, anyhow, that would be a daunting task, but then again, automating a browser isn't something I know much about.
My thinking is just that when he sees the captcha and realizes that his entire script has to be rewritten from scratch, he might just realize that it's totally not worth it.
One good thing about spammers is that they are lazy and only in it for the money, as opposed to an ideological opponent or random lunatic who might spend a completely absurd amount of time trying to get around something.
--Jimbo