Quoting DM Smith <dmsmith...@yahoo.com>:
I have learned more about wikis and fighting spam than I ever wanted to;)
I have recently learned (read), to my surprise, that "captchas" are not a final solution. Spammers have already used human resources - in cheap developing countries, of course - to break them. Image recognition have become better and better and is ready to break visual traps. Captchas may be very annoying. Last time I used one I got furious because I couldn't be sure what was there and I had to retry several times. If it's used in every edit it surely may block some spam but it also prevents valid edits because it raises the bar too high. The idea of a wiki should be that it's easy and fast.
I have one CrossWire-specific trick in mind, but I don't know if it's too much work and how it could be implemented. There could be a small quiz, for example 4 questions with 4 multiple choices. The answers could be found in our FAQ. If the questions and choices are put there in random order it would prevent any non-human cracking, and the quiz would ensure that the user is determined enough to know something about us.
New as of today: 3) A user agent string is necessary to view the wiki. Without it a 503, forbidden will be generated.
I hope this gives also a message telling the reason. Otherwise some valid users may be blocked without they knowing why.
I've installed reCaptcha, which gives the user a choice of visual and auditory captchas. I chose this one based on a much earlier thread that expressed the concern that it be friendly to handicapped users. The default implementation requires captcha for the following: 4) Creation of new accounts.
This is fair, but see above.
5) Adding an external URL to a page. (Let me know if this gets in the way. I can turn it off.)
Have the spammers put external urls there? Most of the wiki spam I have seen has been incomprehensible gibberish. Also, if creation of new accounts is already protected, I don't know how this helps any more. If spammers can create accounts they can create links, too.
6) Failed login attempts (purpose is to foil automated password cracking).
Fair enough.
If necessary I can add captcha to every edit and to every page creation.
Please, never! I'll stop using wiki at that phase. --Eeli Kaikkonen _______________________________________________ sword-devel mailing list: sword-devel@crosswire.org http://www.crosswire.org/mailman/listinfo/sword-devel Instructions to unsubscribe/change your settings at above page
