Tim Starling wrote: A couple months ago I half-coded a captcha framework to plug into MediaWiki; Neil Harris wrote a little script to generate the distorted text images to go along with it. A captcha of course is that annoying little thing that makes you type in a word or code to continue, to prove that you're probably not an abusive bot. (Or a blind person. Whoops!) The idea of a captcha is to slightly inconvenience some legitimate users in exchange for erecting a huge speed bump against abusers. In the Wiki world this is one aspect of "SoftSecurity"; even the original Ward's Wiki these days has a captcha-like system where edits may require inputting a displayed code depending on abuse level. The plugin can be configured to trigger only when new URLs are added, so it can prevent most automated linkspam without disturbing other edits. It can also be set to trigger only on anonymous and new accounts, so established editors, sysops, and registered bots won't be inconvenienced. It could also be enabled for all edits, for instance to help combat a vandalbot. I've been fixing up some old bugs in the extension; it could use some further improvements but it's currently demoing on http://test.wikipedia.org/ and I may start enabling it for production testing on our 'real' sites soon. Triggering URLs will be logged, so we can also get a better idea of what's being hit 'live'. Remaining things to do: * Requires cookies for PHP session info; this could cut out some users making legitimate anonymous edits with cookies disabled. * Selection and expiration of used captcha images is not really finished yet, though probably adequate for the moment. * Currently it's only available for edits. Being able to trigger on other high-risk actions such as new account creation is a logical step. * More 'smart' triggering, eg based on vandalry keywords, known-bad IP ranges, bayesian analysis ;) or more generally some switches that can be flipped by sysops/bureaucrats/stewards in response to abuse attacks. * An audio alternative might be useful for some vision-impaired users. If anyone has experience with such systems and can help with this, that would be welcome. Currently the extension relies on one or two extra hooks which are in 1.6 which I don't think have been backported to 1.5. I would like to include a basic captcha by default in 1.6 to discourage automated linkspam, with the option of the site operator to disable it of course. (Note that linkspam on most MediaWikis won't actually _help_ the spammer in major search engines due to the use of rel="nofollow". That helps keep the search utilities we all rely on clean and usable, but doesn't by itself stop the automated edits which are a nuisance. A captcha system should reduce this a lot, hopefully at a minimal user-annoyance cost in exchange.) -- brion vibber (brion @ pobox.com)