Looney Labs Rabbits Mailing list Archive

Re: [Rabbits] Wiki Under Spambot Assault!

  • FromBrian Campbell <lambda@xxxxxxx>
  • DateThu, 25 Oct 2007 01:30:40 -0400
On Oct 24, 2007, at 11:47 AM, David Artman wrote:

Ok, that's a bit wild sounding... but there's at least five new (probably) spambot accounts on the Rabbit wiki, and they are doing their thing (which I bet are preliminary tests) of adding a nonsense word to the start of random pages. They have also successfully created new pages and

The mass deletions are soon to come.

Admins--could you get some kind of ReCaptcha plug-in running? Or better still, switch it to Admin approval for new members? We aren't Wikipedia; we can manage to gateway the site with minimal effort and not render it "unsocial" or "insular." That how the Rabbit Roster worked, right?

As suggested, I've added the reCAPTCHA plugin. I've done some basic testing, and it appears to work; the default configuration seems pretty reasonable, so I've left it at that. I've elected not to require admin approval for accounts yet, since I think that will take more time to set up and work out, and I think that CAPTCHAs will get us the best payoff for time invested.

This means that you'll have to enter a CAPTCHA (that is, type some words shown in an image) any time you want to create an account or add a URL to a page, or if you provide the wrong password when trying to log in. Could a few users test this out, by trying to add some URLs, while logged in and while logged out, to the Sandbox page, to make sure it brings up a CAPTCHA in the right circumstances?

Right now the configuration is that if anyone but an admin tries to add a URL it prompts for a CAPTCHA. I could also change it to allow any registered user to add URLs unhindered, since registering is already protected by a CAPTCHA. Or, I could create a new group of trusted users, who are allowed to add URLs but who aren't admins. Or I could leave it as is. Anyone have any preferences?

Thanks to David Artman for bringing this to my attention (I haven't been checking the recent changes quite as often as I should), and thanks to Melissa for being prompt about blocking the user accounts (sadly, it is more trouble than it's worth to actually delete user accounts in MediaWiki).