Last modified: 2006-06-01 02:20:33 UTC
This is an urgent request for something to thwart automatic vandalbots from registering accounts. Somebody has registered about 250+ false usernames to my young wiki, and I fear that they are gearing up for an attack. It isn't clear if there is a way for me to find out their IP address, delete the accounts, or mass-block them. True, captchas can be circumvented by offering porn or whatever, but I doubt this vandal is working on that kind of scale. A captcha for registration would be a good solution for young wikis trying to get off the ground without being messed with. It could also be useful for anonymous edits, but I'm not concerned with that. I have disabled new registrations for now. There are probably other steps and solutions to take. Any help would be appreciated.
I can't vouch for this as I haven't tried it, but it was posted on mediawiki-l recently: http://www.fxparlant.net/Category:Mediawiki#Captcha
Read also http://www.w3.org/TR/2003/WD-turingtest-20031105/ about « Inaccessibility of Visually-Oriented Anti-Robot Tests ».
(In reply to comment #0)
> Somebody has registered about 250+ false usernames to my young wiki, and I fear
> that they are gearing up for an attack. It isn't clear if there is a way for me
> to find out their IP address, delete the accounts, or mass-block them.
With an administrator login, you can block IPs and/or users by using the page [[Special:Blockip]] on your wiki. This may require one or more of the variables listed at http://meta.wikimedia.org/wiki/Help:Configuration_settings_index#Access to be set, such as "$wgSysopUserBans = true;", but I couldn't find a relevant help page this minute.
I will look into adding that to the registration page before I reopen registration. If a wiki gets hammered before it even has enough users to police it, then _nobody_ will be able to use it, vision-impaired or otherwise. There are audio captcha options as well. Obviously, some bot has made these registrations, and there should be some way to prevent this from happening.
(In reply to comment #3)
> With an administrator login, you can block IPs and/or users by using the page
> [[Special:Blockip]] on your wiki. This may require one or more of the variables
> listed at
> http://meta.wikimedia.org/wiki/Help:Configuration_settings_index#Access to be
> set, such as "$wgSysopUserBans = true;", but I couldn't find a relevant help
> page this minute.
As far as I can tell, there isn't any way to block the accounts without doing it one at a time. If there were a way to find the IP address of a user one could block it...
http://folktunes.org/wiki/Special:Listusers Is this a new vandalbot? It has made the user page useless.
(In reply to comment #5)
> As far as I can tell, there isn't any way to block the accounts without doing it
> one at a time. If there were a way to find the IP address of a user one could
> block it...
I think, although I'm not 100% sure, that with "$wgSysopUserBans=true;" any ban of a user account will also create a fixed-term "autoblock" on the IP[s?] from which that account has recently connected. Presumably, the duration of such blocks is what $wgAutoblockExpiry sets.
Changed severity from "critical" to "enhancement".
I'm in the process of putting a wiki together, and one of my primary concerns is vandalism and bot spam. If my core pages are frequently trashed by bots & vandals, I'm sunk. I'd like to second the request for this feature, preferably implemented with both images & audio. Ideally, it would have one flag that would allow administrators to enable CAPTCHA solely for registration, or enable CAPTCHA for each page edit.
Captcha in other bug reports: http://bugzilla.wikimedia.org/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&long_desc_type=allwordssubstr&long_desc=Captcha&bug_file_loc_type=allwordssubstr&bug_file_loc=&keywords_type=allwords&keywords=&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&emailassigned_to1=1&emailtype1=substring&email1=&emailassigned_to2=1&emailreporter2=1&emailcc2=1&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0
(In reply to comment #10)
> Captcha in other bug reports:
> http://bugzilla.wikimedia.org/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&long_desc_type=allwordssubstr&long_desc=Captcha&bug_file_loc_type=allwordssubstr&bug_file_loc=&keywords_type=allwords&keywords=&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&emailassigned_to1=1&emailtype1=substring&email1=&emailassigned_to2=1&emailreporter2=1&emailcc2=1&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0
TinyURL is your friend. Also, why dump all this stuff on us? We do know how to search for it, if we wanted to. I'll bet 60% of those bug reports don't relate to this one.
A captcha plugin is currently in production testing on some Wikimedia sites.
(In reply to comment #12)
> A captcha plugin is currently in production testing on some Wikimedia sites.
http://th.wikibooks.org/w/index.php?title=special:Userlogin&type=signup Thanks Brion!
Can I ask for some details on how the Thai Wikibooks implemented this plugin? Could this be released as a more 'official' extension? I would think with the proliferation and intelligence of some of the newer spam-bots, this would be an extension that a lot of sites would want to implement. Our projects included... I know this is asking a lot, but it might even make sense to bring into the core. A great deal of sites are using some sort of anti-bot tactics. (Wikis, Bulletin-boards, blogs, etc.)
See the ConfirmEdit extension and the FancyCaptcha plugin in CVS. Requires MediaWiki 1.6 for some of the hooks.
Ahh very cool. Thank you. Is that Python script by Neil necessary as well, I assume?
Yes, it's what generates the captcha images.
Closing as FIXED, since a working captcha extension is now available.