Extension:QuestyCaptcha

From MediaWiki.org
Jump to: navigation, search
MediaWiki extensions manual - list
Crystal Clear action run.png
QuestyCaptcha

Release status: beta
Implementation Page action
Description Adds a question-based CAPTCHA.
Author(s) Emufarmers
MediaWiki 1.6+ (in theory)
License GPL
Download
Download snapshot (Git master)
Git [?]:
Added rights

skipcaptcha
Hooks used
EditFilterMerged

EditFilter
UserCreateForm
AbortNewAccount
LoginAuthenticateAudit
UserLoginForm
AbortLogin
APIEditBeforeSave
Check usage and version matrix

QuestyCaptcha is a plugin for the ConfirmEdit extension. Instead of using a math problem (trivially defeated) or an image (see below), QuestyCaptcha makes users answer a question. The site owner adds questions (and their answers!) in LocalSettings.php, and the extension picks from them randomly.

Installation [edit]

The installation process largely mirrors that of ConfirmEdit.

  • Download the snapshot for your version and extract it
  • Create a folder in the extensions folder named ConfirmEdit
  • Upload the files to the extensions/ConfirmEdit/ folder
  • Edit LocalSettings.php in the root of your MediaWiki installation, and add the following lines near the bottom:
    require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" );
    require_once( "$IP/extensions/ConfirmEdit/QuestyCaptcha.php");
    $wgCaptchaClass = 'QuestyCaptcha';
    $arr = array (
            "A question?" => "An answer!",
            "What is this wiki's name?" => "$wgSitename",
            'Please write the magic secret, "passion", here:' => 'passion',
            'Type the code word, 567, here:' => '567',
            'Which animal? <img src="http://www.mysite.com/dog.jpg" alt="" title="" />' => 'dog',
    );
    foreach ( $arr as $key => $value ) {
            $wgCaptchaQuestions[] = array( 'question' => $key, 'answer' => $value );
    }
  • You can also configure ConfirmEdit's triggers and other options

Weaknesses [edit]

Image-based CAPTCHAs have a few vulnerabilities. Bots using optical character recognition can crack them, and the only defense is to make the images harder to read for humans and computers alike. OCR algorithms are constantly being improved, though, and computers will probably eventually be better at solving CAPTCHAs than humans. In the meantime, spammers can pay workers in developing countries to solve CAPTCHAs or trick ordinary Web users into solving them. And math-based CAPTCHAs are trivial enough for automated spambots to crack for obvious reasons.

A question-based CAPTCHA isn't vulnerable to OCR. Humans can still be paid to solve them, but a question can be context-sensitive: if a question asks you which plant MediaWiki uses for its logo, the answer isn't going to be obvious unless you're on MW.org.

On the other hand, because the database of questions used by any particular site is small, it is straightforward for a human to answer all questions for a given site and store the responses. Even for attackers who attack large numbers of sites, they only need to perform a small amount of manual work per site, and it is also possible for spammers to scrape questions and answers from various websites for them to use in defeating CAPTCHAs. In this sense it is inferior to other CAPTCHAs that produce a unique puzzle for each user.

When selecting your question, it's important to avoid cultural bias. For example, a popular TV show in the US is not likely to be familiar to editors from Brazil, and conversely an American is not likely to know who the prime minister of Australia is. Stick to questions that rely on universal knowledge or knowledge that pertains to the wiki's topic.

TODO [edit]

  • Add a special page for viewing, adding, editing, and removing questions
  • Stats on how many people succeeded or failed for each question and what their guesses were
Retrieved from "http://www.mediawiki.org/w/index.php?title=Extension:QuestyCaptcha&oldid=653718"