[sword-devel] CrossWire wiki vandalism?
Eeli Kaikkonen
eekaikko at mail.student.oulu.fi
Wed Jan 7 23:22:44 MST 2009
Quoting DM Smith <dmsmith555 at yahoo.com>:
> I have learned more about wikis and fighting spam than I ever wanted to;)
I have recently learned (read), to my surprise, that "captchas" are
not a final solution. Spammers have already used human resources - in
cheap developing countries, of course - to break them. Image
recognition has become better and better and is ready to break visual
traps. Captchas may be very annoying. Last time I used one I got
furious because I couldn't be sure what was there and I had to retry
several times. If it's used in every edit it surely may block some
spam but it also prevents valid edits because it raises the bar too
high. The idea of a wiki should be that it's easy and fast.
I have one CrossWire-specific trick in mind, but I don't know if it's
too much work and how it could be implemented. There could be a small
quiz, for example 4 questions with 4 multiple choices. The answers
could be found in our FAQ. If the questions and choices are put there
in random order it would prevent any non-human cracking, and the quiz
would ensure that the user is determined enough to know something
about us.
> New as of today:
> 3) A user agent string is necessary to view the wiki. Without it a 503,
> forbidden will be generated.
I hope this also gives a message telling the reason. Otherwise some
valid users may be blocked without them knowing why.
> I've installed reCaptcha, which gives the user a choice of visual and
> auditory captchas. I chose this one based on a much earlier thread that
> expressed the concern that it be friendly to handicapped users. The
> default implementation requires captcha for the following:
> 4) Creation of new accounts.
This is fair, but see above.
> 5) Adding an external URL to a page. (Let me know if this gets in the
> way. I can turn it off.)
Have the spammers put external URLs there? Most of the wiki spam I
have seen has been incomprehensible gibberish. Also, if creation of
new accounts is already protected, I don't know how this helps any
more. If spammers can create accounts they can create links, too.
> 6) Failed login attempts (purpose is to foil automated password cracking).
Fair enough.
> If necessary I can add captcha to every edit and to every page creation.
Please, never! I'll stop using the wiki at that point.
--Eeli Kaikkonen
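
The quiz proposed in the message above (4 questions, 4 choices each, random order), sketched as an added example; it is not code from the post or from CrossWire. The question pool, the secret and the function names are constructed placeholders, and a real wiki would load the questions from its FAQ. The server signs which questions it issued so the client cannot swap in easier ones, and the token carries no answers.

```python
import base64, hashlib, hmac, json, random, time

SECRET = b"constructed-demo-key"   # assumption: server-side secret, never sent to clients
# Constructed placeholder pool; index 0 of each choice list is the correct answer.
POOL = {f"q{i}": (f"FAQ question {i}?",
                  [f"right {i}", f"wrong {i}a", f"wrong {i}b", f"wrong {i}c"])
        for i in range(1, 9)}

def _mac(body: str) -> bytes:
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest().encode()

def issue_quiz(rng=None, now=None, n=4, ttl=300):
    """Pick n questions, randomize question and choice order, return (form, token)."""
    rng = rng or random.SystemRandom()
    now = int(time.time()) if now is None else now
    ids = rng.sample(sorted(POOL), n)
    form = []
    for qid in ids:
        text, choices = POOL[qid]
        form.append((qid, text, rng.sample(choices, len(choices))))
    # The token binds the issued question ids and an expiry; it holds no answers.
    claims = json.dumps({"ids": ids, "exp": now + ttl}).encode()
    body = base64.urlsafe_b64encode(claims).decode()
    return form, body + "." + _mac(body).decode()

def check_quiz(token, answers, now=None):
    """answers maps question id -> chosen choice text. True only if all are right."""
    now = int(time.time()) if now is None else now
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig.encode(), _mac(body)):
        return False                      # forged or altered token
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now > claims["exp"] or set(answers) != set(claims["ids"]):
        return False                      # expired, or answers for other questions
    return all(answers[q] == POOL[q][1][0] for q in claims["ids"])
```

A token stays valid until it expires, so a deployment would also record used tokens to stop replay. With a small pool a scraper can eventually learn every answer, so the pool size matters more than the shuffling.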