Tim Starling wrote:
I'll leave Brion to tell you about his CAPTCHA
extension.
A couple months ago I half-coded a captcha framework to plug into MediaWiki;
Neil Harris wrote a little script to generate the distorted text images to go
along with it. A captcha of course is that annoying little thing that makes you
type in a word or code to continue, to prove that you're probably not an abusive
bot. (Or a blind person. Whoops!)
The idea of a captcha is to slightly inconvenience some legitimate users in
exchange for erecting a huge speed bump against abusers. In the Wiki world this
is one aspect of "SoftSecurity"; even the original Ward's Wiki these days
has a
captcha-like system where edits may require inputting a displayed code depending
on abuse level.
The plugin can be configured to trigger only when new URLs are added, so it can
prevent most automated linkspam without disturbing other edits. It can also be
set to trigger only on anonymous and new accounts, so established editors,
sysops, and registered bots won't be inconvenienced.
It could also be enabled for all edits, for instance to help combat a vandalbot.
I've been fixing up some old bugs in the extension; it could use some further
improvements but it's currently demoing on
http://test.wikipedia.org/ and I may
start enabling it for production testing on our 'real' sites soon. Triggering
URLs will be logged, so we can also get a better idea of what's being hit
'live'.
Remaining things to do:
* Requires cookies for PHP session info; this could cut out some users making
legitimate anonymous edits with cookies disabled.
* Selection and expiration of used captcha images is not really finished yet,
though probably adequate for the moment.
* Currently it's only available for edits. Being able to trigger on other
high-risk actions such as new account creation is a logical step.
* More 'smart' triggering, eg based on vandalry keywords, known-bad IP ranges,
bayesian analysis ;) or more generally some switches that can be flipped by
sysops/bureaucrats/stewards in response to abuse attacks.
* An audio alternative might be useful for some vision-impaired users. If anyone
has experience with such systems and can help with this, that would be welcome.
Currently the extension relies on one or two extra hooks which are in 1.6 which
I don't think have been backported to 1.5. I would like to include a basic
captcha by default in 1.6 to discourage automated linkspam, with the option of
the site operator to disable it of course.
(Note that linkspam on most MediaWikis won't actually _help_ the spammer in
major search engines due to the use of rel="nofollow". That helps keep the
search utilities we all rely on clean and usable, but doesn't by itself stop the
automated edits which are a nuisance. A captcha system should reduce this a lot,
hopefully at a minimal user-annoyance cost in exchange.)
-- brion vibber (brion @
pobox.com)