Topic on Extension talk:ConfirmEdit

[Proposal] Creating questions for spambots but not for humans

3
Meshr (talkcontribs)

A lot of spamming accounts were creating in my wiki although I had recaptcha in ConfirmEdit extension. I did some investigation why it happened. Here is what I found:

  1. Actually SimpleAntiSpam feature works very efficiently (it is core mediawiki feature now). It stops a lot of spambots. It makes me to add it with some improvements to ConfirmEdit/QuestyCaptcha to make it to work also during account creation.
  2. No one spambot that I see had javascript support. Although some of them can break recaptcha.

My idea is to get rid of human captchas and to create invisible “captchas” for spambots instead. It works similar to QuestyCaptcha but instead of questions for humans some html/javascript code is injected. It does some work for detecting spambot and the result is sent back for verification instead of QuestyCaptcha answer. As an example for html/javascript code I made a random math function generator. Javascript is needed on spambot side to get the correct result for this function. Html/javascript code can be improved in future for detecting more complex spambots with javascript support. I pasted my ConfirmEdit/QuestyCaptcha patch here http://pastebin.com/4gVXR3GA It allows to have blank $wgCaptchaQuestions and to define optional $wgHTMLCaptchaQuestion function for more complex spambots. The main advantage is that you can stop spambots without defining any $wgCaptchaQuestions. Let me know if a spambot on your wiki can beat my simple javascript check.

Nemo bis (talkcontribs)

Such tricks work at small scale, not big scale. You can submit your patch against Extension:SimpleAntiSpam.

As for the questions, that's what the new ReCaptcha does. There is a patch in ConfirmEdit.

Meshr (talkcontribs)

My patch is against ConfirmEdit and QuestyCaptcha Extensions. It enables additional functionality in these Extensions that allows to write your own “new ReCaptcha” code. It stopped spam completely for me without any captchas/questions which I had before. The question is whether ConfirmEdit and QuestyCaptcha authors agree with these modifications.

Reply to "[Proposal] Creating questions for spambots but not for humans"