Martin: > > Unfortunately, reCAPTCHA might be a victim of its own success - as > > of 2011, some spammers appear to have figured out a way to bypass it, > > either through character recognition or by using humans. For that > > reason, it is not necessarily recommended.
If they have humans working for them no turing test will suffice. (or, perhaps the advanced math one..) this is why I think it is good to keep the captcha for urls. They could have humans create the accounts and then spambots polute 100 pages once the account is created. i.e. make it as expensive for them as we can. Ben: > I can confirm this. On another site that I manage, based on > phpBB, I get unbelievable amounts of spambot requests to > open accounts. Apparently, simple graphical captchas no > longer hold them back. I think math captchas are a good idea. > Plus, it's free brain exercise :) > > Part of the weakness of the ReCaptcha module is that ConfirmEdit > > doesn't include any penalty mechanism, so spam bots can simply keep > > trying to bypass the CAPTCHA until they get through. This is an issue > > that is strongly worth addressing in some way. I guess reCaptcha doesn't mind the spammers working for them, free labor! :-) ok, that's probably being way too cynical, this is ConfirmEdit's bug not reCaptcha's. > > [1] http://www.mediawiki.org/wiki/Confirmedit hmmm, can't hurt to put a "sleep(3)" on a fail, line 119? http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/ConfirmEdit/ReCaptcha.php?revision=104064&view=markup and increment a counter, which if you fail ~10 times then replace the call to $editPage->showEditForm( array( &$this, 'editCallback' ) ); with a message saying that "we could not verify that you were human and your edit was unable to be submitted: make a copy of your work and try again later"? or perhaps mix it up a bit: if the reCaptcha fails 3 times switch to the math captcha, if that fails 3 times failover to simpleCaptcha, if that fails three times have mediawiki ban the IP address for 24 hours. sort of a cascading fail2ban. shrug, Hamish _______________________________________________ grass-user mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/grass-user
