A lot of spamming accounts were creating in my wiki although I had recaptcha in ConfirmEdit extension. I did some investigation why it happened. Here is what I found:
- Actually SimpleAntiSpam feature works very efficiently (it is core mediawiki feature now). It stops a lot of spambots. It makes me to add it with some improvements to ConfirmEdit/QuestyCaptcha to make it to work also during account creation.
- No one spambot that I see had javascript support. Although some of them can break recaptcha.
My idea is to get rid of human captchas and to create invisible “captchas” for spambots instead. It works similar to QuestyCaptcha but instead of questions for humans some html/javascript code is injected. It does some work for detecting spambot and the result is sent back for verification instead of QuestyCaptcha answer. As an example for html/javascript code I made a random math function generator. Javascript is needed on spambot side to get the correct result for this function. Html/javascript code can be improved in future for detecting more complex spambots with javascript support. I pasted my ConfirmEdit/QuestyCaptcha patch here http://pastebin.com/4gVXR3GA It allows to have blank $wgCaptchaQuestions and to define optional $wgHTMLCaptchaQuestion function for more complex spambots. The main advantage is that you can stop spambots without defining any $wgCaptchaQuestions. Let me know if a spambot on your wiki can beat my simple javascript check.