Looney Labs Rabbits Mailing list Archive

Re: [Rabbits] Wiki Under Spambot Assault!

  • From"Melissa Parish" <beautifulfool@xxxxxxxxx>
  • DateThu, 25 Oct 2007 08:20:29 -0500
Yay! ReCaptcha!  That's the one that helps out digitizing books, right?  I think it's such a great idea.

You can probably have it so that registered users can add URLs since, as you said, registration already requires a CAPTCHA.  Redundant CAPTCHAs could get annoying for the user.

I had also heard that it is hard to permanently delete user accounts, so an infinite block should be good enough.  =)

~ Melissa

On 10/25/07, Brian Campbell <lambda@xxxxxxx> wrote:
On Oct 24, 2007, at 11:47 AM, David Artman wrote:

> Ok, that's a bit wild sounding... but there's at least five new
> (probably) spambot accounts on the Rabbit wiki, and they are doing
> their thing (which I bet are preliminary tests) of adding a
> nonsense word to the start of random pages. They have also
> successfully created new pages and
> The mass deletions are soon to come.
> Admins--could you get some kind of ReCaptcha plug-in running? Or
> better still, switch it to Admin approval for new members? We
> aren't Wikipedia; we can manage to gateway the site with minimal
> effort and not render it "unsocial" or "insular." That how the
> Rabbit Roster worked, right?

As suggested, I've added the reCAPTCHA plugin. I've done some basic
testing, and it appears to work; the default configuration seems
pretty reasonable, so I've left it at that. I've elected not to
require admin approval for accounts yet, since I think that will take
more time to set up and work out, and I think that CAPTCHAs will get
us the best payoff for time invested.

This means that you'll have to enter a CAPTCHA (that is, type some
words shown in an image) any time you want to create an account or
add a URL to a page, or if you provide the wrong password when trying
to log in. Could a few users test this out, by trying to add some
URLs, while logged in and while logged out, to the Sandbox page, to
make sure it brings up a CAPTCHA in the right circumstances?

Right now the configuration is that if anyone but an admin tries to
add a URL it prompts for a CAPTCHA. I could also change it to allow
any registered user to add URLs unhindered, since registering is
already protected by a CAPTCHA. Or, I could create a new group of
trusted users, who are allowed to add URLs but who aren't admins. Or
I could leave it as is. Anyone have any preferences?

Thanks to David Artman for bringing this to my attention (I haven't
been checking the recent changes quite as often as I should), and
thanks to Melissa for being prompt about blocking the user accounts
(sadly, it is more trouble than it's worth to actually delete user
accounts in MediaWiki).
Rabbits mailing list