On Oct 24, 2007, at 11:47 AM, David Artman wrote:
Ok, that's a bit wild sounding... but there's at least five new
(probably) spambot accounts on the Rabbit wiki, and they are doing
their thing (which I bet are preliminary tests) of adding a
nonsense word to the start of random pages. They have also
successfully created new pages and
The mass deletions are soon to come.
Admins--could you get some kind of ReCaptcha plug-in running? Or
better still, switch it to Admin approval for new members? We
aren't Wikipedia; we can manage to gateway the site with minimal
effort and not render it "unsocial" or "insular." That how the
Rabbit Roster worked, right?
As suggested, I've added the reCAPTCHA plugin. I've done some basic
testing, and it appears to work; the default configuration seems
pretty reasonable, so I've left it at that. I've elected not to
require admin approval for accounts yet, since I think that will take
more time to set up and work out, and I think that CAPTCHAs will get
us the best payoff for time invested.
This means that you'll have to enter a CAPTCHA (that is, type some
words shown in an image) any time you want to create an account or
add a URL to a page, or if you provide the wrong password when trying
to log in. Could a few users test this out, by trying to add some
URLs, while logged in and while logged out, to the Sandbox page, to
make sure it brings up a CAPTCHA in the right circumstances?
Right now the configuration is that if anyone but an admin tries to
add a URL it prompts for a CAPTCHA. I could also change it to allow
any registered user to add URLs unhindered, since registering is
already protected by a CAPTCHA. Or, I could create a new group of
trusted users, who are allowed to add URLs but who aren't admins. Or
I could leave it as is. Anyone have any preferences?
Thanks to David Artman for bringing this to my attention (I haven't
been checking the recent changes quite as often as I should), and
thanks to Melissa for being prompt about blocking the user accounts
(sadly, it is more trouble than it's worth to actually delete user
accounts in MediaWiki).