Last modified: 2006-06-01 02:20:33 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T4255, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 2255 - Captcha for registration
Captcha for registration
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
unspecified
All All
: Normal enhancement with 7 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
http://folktunes.org/wiki/Special:Lis...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-05-27 00:33 UTC by Forrest O.
Modified: 2006-06-01 02:20 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Forrest O. 2005-05-27 00:33:36 UTC
This is an urgent request for something to thwart automatic vandalbots from
registering accounts.

Somebody has registered about 250+ false usernames to my young wiki, and I fear
that they are gearing up for an attack.  It isn't clear if there is a way for me
to find out their IP address, delete the accounts, or mass-block them.

True, captchas can be circumvented by offering porn or whatever, but I doubt
this vandal is working on that kind of scale.  A captcha for registration would
be a good solution for young wikis trying to get off the ground without being
messed with.  It could also be useful for anonymous edits, but I'm not concerned
with that.

I have disabled new registrations for now. There are probably other steps and
solutions to take.  Any help would be appreciated.
Comment 1 Brion Vibber 2005-05-27 00:44:47 UTC
I can't vouch for this as I haven't tried it, but was posted on mediawiki-l recently:
http://www.fxparlant.net/Category:Mediawiki#Captcha
Comment 2 FoeNyx 2005-05-27 00:59:03 UTC
read also http://www.w3.org/TR/2003/WD-turingtest-20031105/ about «
Inaccessibility of Visually-Oriented Anti-Robot Tests ». 
Comment 3 Rowan Collins [IMSoP] 2005-05-27 01:07:05 UTC
(In reply to comment #0)
> Somebody has registered about 250+ false usernames to my young wiki, and I fear
> that they are gearing up for an attack.  It isn't clear if there is a way for me
> to find out their IP address, delete the accounts, or mass-block them.

With an administrator login, you can block IPs and/or users by using the page
[[Special:Blockip]] on your wiki. This may require one or more of the variables
listed at
http://meta.wikimedia.org/wiki/Help:Configuration_settings_index#Access to be
set, such as "$wgSysopUserBans = true;", but I couldn't find a relevant help
page this minute.
Comment 4 Forrest O. 2005-05-27 01:10:45 UTC
I will look into adding that to the registration page before I reopen registration.

If a wiki gets hammered before it even has enough users to police it, then
_nobody_ will be able to use it, vision-impared or otherwise.  There are audio
captcha options as well.

Obviously, some bot has made these registrations, and there should be some way
to prevent this from happening.
Comment 5 Forrest O. 2005-05-27 01:15:24 UTC
(In reply to comment #3)
> With an administrator login, you can block IPs and/or users by using the page
> [[Special:Blockip]] on your wiki. This may require one or more of the variables
> listed at
> http://meta.wikimedia.org/wiki/Help:Configuration_settings_index#Access to be
> set, such as "$wgSysopUserBans = true;", but I couldn't find a relevant help
> page this minute.

As far as I can tell, there isn't any way to block the accounts without doing it
one at a time.  If there were a way to find the IP address of a user one could
block it...
Comment 6 Forrest O. 2005-05-27 01:26:33 UTC
http://folktunes.org/wiki/Special:Listusers
Is this a new vandalbot?  It has made the user page useless.
Comment 7 Rowan Collins [IMSoP] 2005-05-27 17:39:07 UTC
(In reply to comment #5)
> As far as I can tell, there isn't any way to block the accounts without doing it
> one at a time.  If there were a way to find the IP address of a user one could
> block it...

I think, although I'm not 100% sure, that with "$wgSysopUserBans=true;" any ban
of a user account will also create a fixed-term "autoblock" on the IP[s?] from
which that account has recently connected. Presumably, the duration of such
blocks is what $wgAutoblockExpiry sets.
Comment 8 Ævar Arnfjörð Bjarmason 2005-05-30 15:56:48 UTC
Changed severity from "critical" to "enhancement".
Comment 9 David Taylor 2005-11-09 19:21:50 UTC
I'm in the process of putting a wiki together, and one of my primary 
concerns is vandalism and bot spam. If my core pages are frequently 
trashed by bots & vandals, I'm sunk.

I'd like to second the request for this feature, preferably 
implemented with both images & audio. Ideally, it would have one flag 
that would allow administrators to enable CAPTCHA solely for 
registration, or enable CAPTCHA for each page edit.

Comment 12 Brion Vibber 2006-01-29 07:49:51 UTC
A captcha plugin is currently in production testing on some Wikimedia sites.
Comment 13 lɛʁi לערי ריינהארט 2006-01-29 21:43:35 UTC
(In reply to comment #12)
> A captcha plugin is currently in production testing on some Wikimedia sites.

http://th.wikibooks.org/w/index.php?title=special:Userlogin&type=signup

Thanks Brion!
Comment 14 Jamie Hari 2006-03-17 05:08:15 UTC
Can I ask for some details on how the Thai Wikibooks implemented this plugin?

Could this be released as an more 'official' extension? I would think with the
proliferation 
and intelligence of some of the newer spam-bots, this would be an extension that
a lot of 
sites would want to implement. Our projects included...

I know this is asking a lot, but it might even make sense to bring into the
core. A great 
deal of sites are using some sort of anti-bot tactics. (Wikis, Bulletin-boards,
blogs, etc.)
Comment 15 Rob Church 2006-03-17 07:10:46 UTC
See the ConfirmEdit extension and the FancyCaptcha plugin in CVS. Requires
MediaWiki 1.6 for some of the hooks.
Comment 16 Jamie Hari 2006-03-17 14:31:16 UTC
Ahh very cool. Thank you. 
Is that python script by Neil necessary as well I assume?
Comment 17 Rob Church 2006-03-17 19:12:44 UTC
Yes, it's what generates the captcha images.
Comment 18 Rob Church 2006-06-01 02:20:33 UTC
Closing as FIXED, since a working captcha extension is now available.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links