* Brion Vibber <brionatpobox.com> wrote:
I've been tinkering with an extension to provide
for a captcha to
reduce
automated linkspamming while still staying out of the way for common
use.
Yes.
My preliminary code is running now on
test.leuksman.com; the actual
"captcha" part is a really primitive plain text hack which would take
all of a few minutes for a dedicated attacker to crack, but don't
worry
about that -- I'm not testing the protection yet, just the framework
it
plugs into.
Is
test.leuksman.com down ?
As for a 'real' captcha generator to put into
this system; I'm not too
sure what code is already out there that's not awful. There's a Drupal
plugin which would be easy to rip GPL'd PHP code from, but it doesn't
seem very robust.
Maybe you take a look to this (temporary) site:
http://www.mcmilk.de/projects/wiki-captcha/
I just wrote it for my own wiki today ...
For testing:
http://www.mcmilk.de/wiki/extensions/captcha/
There's a set of samples of various captcha output
and their
weaknesses
here:
http://sam.zoy.org/pwntcha/
Hm... I think my version belongs to the better ones ... and it should be
easy, to add some more features.
Obviously it would be good to either find something on
the 'hard
captchas' list rather than 'defeated captchas', or roll our own that
doesn't suck too bad.
Does my suck too bad ;) ?
There's also the question of whether we can
feasibly provide an audio
alternative or whathaveyou.
I have no one :)
--
regards, TR