CAPTCHA
From Sourcebook Wiki
Our CAPTCHA needs some love. Any ideas? --Msallen
- Well, reCAPTCHA is definitely broken, but the email-only registration has been keeping the number of trash articles to near-zero, so we can probably just ignore the tons of fake accounts, honestly. I could probably also look into some other CAPTCHA system, but when the bad guys can hire a person to just sit down and break captchas all day for pennies, there's not a whole lot that can be done. -Slitherrr
- Can registration/new account creation be flat turned off? As rarely as we get new signups, we can do those manually if need be? absalom 14:03, 22 March 2012 (EDT)
- Sure. Done. -Slitherrr
Would you guys mind if I looked into installing some sort of CAPTCHA system for new pages by users with below x amount of traffic? This shit's getting ridiculous. -Slitherrr
I need to figure out how these bots are getting past the CAPTCHA to create users. -Slitherrr
- Why do they keep creating users? I never see any of them actually post anything. Are they hoping to lie low then spam later? -gm
- Subliminal advertising? I can't figure it either --Msallen
- It could be that ReCAPTCHA has been beaten, although there haven't been any actual edits, so I can't be positive. There is another CAPTCHA program that actually generates the images based on some seed, so that might work better. However, that won't do anything if what's happening is that there are people on the other end just filling out CAPTCHAs to push these bots through, which is conceivable (bot sends an image back to a server, someone sits there whose job is just filling out CAPTCHAs all day and sends it back, bot takes auth and continues its nefarious deeds is something that is possible). MedaWiki's site might have some clues.-Slitherrr
- Other people are reporting this same issue, so it appears that ReCAPTCHA has been beaten. FancyCAPTCHA exists and evidently works very well, but requires using an outdated version of Python to run the image generator, so I'll have to get that and a words file from somewhere. -Slitherrr
- It could be that ReCAPTCHA has been beaten, although there haven't been any actual edits, so I can't be positive. There is another CAPTCHA program that actually generates the images based on some seed, so that might work better. However, that won't do anything if what's happening is that there are people on the other end just filling out CAPTCHAs to push these bots through, which is conceivable (bot sends an image back to a server, someone sits there whose job is just filling out CAPTCHAs all day and sends it back, bot takes auth and continues its nefarious deeds is something that is possible). MedaWiki's site might have some clues.-Slitherrr
- Subliminal advertising? I can't figure it either --Msallen
- Oh yeah, I was thinking of getting FancyCAPTCHA running. Also, I never answered Abs's question above: The reason they are creating accounts and uploading things/creating pages is for SEO. They host here, then link on some page under their control, and use the association to increase their pagerank. I won't be able to work on FancyCAPTCHA tonight, maybe not even this week, but I'll make an event to remind myself. -Slitherrr
- For spam prevention, I've had by far the most luck on my sites by swapping form field names. This could be touchy with MediaWiki but gives a lot of bang for the buck. Botters aren't going to tweak their scripts for some random gaming wiki site with rapid moderation. Worth a thought, anyway. -Mattie 14:02, 14 February 2011 (EST)
- That's a hell of an idea, although MediaWiki's hooking system means it's pretty much impossible to know what depends on what, so that might not be an option. Still, amazing idea, and maybe when I'm fiddling I'll look into that, too. -66.207.91.56
- I'm going to do this. Sick of deleting those fuckers. -slith
- Done. I tested a creation and login and it seems fine, let me know if it explodes. -slith
- Maaaan, you are the shit. -gm
- Done. I tested a creation and login and it seems fine, let me know if it explodes. -slith
- I'm going to do this. Sick of deleting those fuckers. -slith
- That's a hell of an idea, although MediaWiki's hooking system means it's pretty much impossible to know what depends on what, so that might not be an option. Still, amazing idea, and maybe when I'm fiddling I'll look into that, too. -66.207.91.56
- For spam prevention, I've had by far the most luck on my sites by swapping form field names. This could be touchy with MediaWiki but gives a lot of bang for the buck. Botters aren't going to tweak their scripts for some random gaming wiki site with rapid moderation. Worth a thought, anyway. -Mattie 14:02, 14 February 2011 (EST)
- Oh yeah, I was thinking of getting FancyCAPTCHA running. Also, I never answered Abs's question above: The reason they are creating accounts and uploading things/creating pages is for SEO. They host here, then link on some page under their control, and use the association to increase their pagerank. I won't be able to work on FancyCAPTCHA tonight, maybe not even this week, but I'll make an event to remind myself. -Slitherrr
