Extension talk:QuestyCaptcha

Oh yes!
Thanks a lot. That should be very secure :) --Subfader 12:18, 7 August 2009 (UTC)

oh no!
the download for 1.15.x doesn't contain QuestyCaptcha.php
 * I could confirm this. Ive used 1.16x instead, it seems to work --84.171.29.220 08:56, 4 February 2012 (UTC)
 * Yeah, copying the Questy* files from 1.16 into the version for 1.13 (which also doesn't have them) works as well.
 * I had the same problem. The extension page says QuestyCaptcha is supported by MediaWiki "1.6+ (in theory)", but the download for 1.15.x doesn't contain QuestyCaptcha.php. Tim Smith (talk) 03:41, 1 July 2012 (UTC)

Spam getting past QuestyCaptcha
Hi,

To my great surprise, I'm still getting a few spam edits! I can't find anyone talking about spam getting past QuestyCaptcha, so I thought this might be worth mentioning here. My daily spam is reduced from more than 50 to around 3, so I'm a happy user and I recommend QuestyCaptcha, but I'm puzzled by the trickle of spam that persists.

I guess this means there's a human somewhere in the world targeting my site, which is surprising since my site isn't all that big: en.swpat.org. But if it's a human, I wonder why they so rarely beat the captcha - maybe there's a distributed network of people and only some have sufficient English?

I set QuestyCaptcha up with these two questions:
 * What swims in the sea? (four letters) -> fish
 * Which wooly farm animal says baaaaa? -> sheep

Account creation and all edits require passing a captcha, but logged in users are exempt. I've had it installed for three days and there've been two spam pages created by IP addresses, three spam accounts created, and three pages created by those spam accounts.

(To see the spam edits, you have to show bot edits - I use RecentChangesCleanup to tag spam as bot edits) Ciaran 23:07, 3 September 2011 (UTC)


 * Four months later, my spam is down again from 3 per day to 5 per week. I guess some spammers have removed my site from their lists of spammable wikis. Ciaran 12:19, 29 January 2012 (UTC)


 * I have also seen spammers get past the QuestyCaptcha. Maybe we should do an experiment: set the answer to something random (e.g. password generator output) for a month and see if spammers still gets through (with an email address where humans may ask for the password). If this doesn't stop them, then there is a security problem somewhere. If it does stop them, you can assume that you are fighting a bot using Mechanical Turk or similar. In that case, simply invent a new question with an unique answer every time you catch a spammer. --Maliomero (talk) 11:06, 14 April 2013 (UTC)

Do not support mediawiki 1.18
it shows Warning: preg_match [function.preg-match]: Empty regular expression in /home/public_html/wiki/includes/Linker.php on line 1529 in my wiki. —The preceding unsigned comment was added by Zoglun (talk • contribs)


 * I can't reproduce this. What CAPTCHA questions did you set? —Emufarmers(T 06:10, 27 February 2012 (UTC)

Multiple Answers to a Question
Would like to know if the extension allows for multiple answers to a single question, in the event that the end-user spells it wrong... or even doesn't add a capital letter to a proper noun. -- Joe Beaudoin Jr. (talk) 18:23, 13 March 2012 (UTC)


 * You can provide several acceptable answers to a given question. The answers shall be in lowercase. An example:

--Link0ff (talk) 11:54, 3 April 2012 (UTC)

Extension broken?
I've installed ConfirmEdit with Questy, in my wiki (MW 1.18) but it's not working. I tried creating a new user, but when I do that I succeed without answering the test question! the problem is definitely in Questy, I tried SimpleCaptcha and indeed could not create a user without answering the simple math question. Osishkin (talk) 17:52, 11 April 2012 (UTC)

Rotation
Since the questions rotate, couldn't a spammer figure out the answer to one question, and then have an automated script keep making attempts to pass the CAPTCHA until it came back to that question? Leucosticte (talk) 06:47, 11 November 2012 (UTC)


 * IMO there is no point of having multiple questions that the spammers can choose from. Just a single unique answer should do the trick (exchange it from time to time). And the answer shouldn't be the site's domain name, or things like "5" or "blue" which will be in every dictionary. --Maliomero (talk) 11:06, 14 April 2013 (UTC)

Special page
It shouldn't be too hard to do the special page. Probably Special:Interwiki would be a good one to model it after. Another possibility would be to implement it via an editable wiki page that is only viewable by authorized users, if we ever get some decent access restrictions put in place. This would have the advantage of having a page history for reversion and accountability purposes (since the changes to the questions can't be logged, unless access to those log events is to be restricted). Leucosticte (talk) 06:49, 11 November 2012 (UTC)