On Jan 8, 2009, at 1:22 AM, Eeli Kaikkonen wrote:
Quoting DM Smith <dmsmith...@yahoo.com>:
I have learned more about wikis and fighting spam than I ever
wanted to;)
I have recently learned (read), to my surprise, that "captchas" are
not a final solution. Spammers have already used human resources -
in cheap developing countries, of course - to break them. Image
recognition have become better and better and is ready to break
visual traps. Captchas may be very annoying. Last time I used one I
got furious because I couldn't be sure what was there and I had to
retry several times. If it's used in every edit it surely may block
some spam but it also prevents valid edits because it raises the bar
too high. The idea of a wiki should be that it's easy and fast.
I have one CrossWire-specific trick in mind, but I don't know if
it's too much work and how it could be implemented. There could be a
small quiz, for example 4 questions with 4 multiple choices. The
answers could be found in our FAQ. If the questions and choices are
put there in random order it would prevent any non-human cracking,
and the quiz would ensure that the user is determined enough to know
something about us.
I'll keep this in mind. My strategy is to be minimally invasive. If I
can find a better method than captchas I'll replace it. There is a
math version of the captcha, which might be better than what I have in
place. BTW, I don't know php and at this point I am not interested in
learning php. There are more interesting things for me to do.
Chris, Peter and I watch edits daily, acting as an informal editorial
board. We catch spam generally within a few hours. So the value of
captchas is that it further minimizes junk from being seen by others
and the also work we have to do to keep it clean.
New as of today:
3) A user agent string is necessary to view the wiki. Without it a
503,
forbidden will be generated.
I hope this gives also a message telling the reason. Otherwise some
valid users may be blocked without they knowing why.
I agree, but I don't have it in place yet.
I've installed reCaptcha, which gives the user a choice of visual and
auditory captchas. I chose this one based on a much earlier thread
that
expressed the concern that it be friendly to handicapped users. The
default implementation requires captcha for the following:
4) Creation of new accounts.
This is fair, but see above.
I think most of the new accounts are automated as the account name
have a well defined pattern of "AbcdeFghijk".
You are welcomed to try it out. When you get to the login screen,
click on the new account creation link to see reCaptcha. When it comes
up, it gives two hard to read words, but has a button to generate new
ones (which I generally click about 3 times before I can read both
words), a toggle to flip between text and audio. I don't have an mp3
codec on my machine so I haven't tried it.
5) Adding an external URL to a page. (Let me know if this gets in the
way. I can turn it off.)
Have the spammers put external urls there? Most of the wiki spam I
have seen has been incomprehensible gibberish. Also, if creation of
new accounts is already protected, I don't know how this helps any
more. If spammers can create accounts they can create links, too.
Yes spammers have been putting in external urls to drug and porn
sites. Lately, perhaps for the last year or so, most, maybe all, of
the spam edits have been to insert gibberish.
This is the only default that I'm not sure I like. A few of our active
wiki writers add external links on a regular basis. These are very
constructive and I don't want to discourage them.
To turn it off just takes a couple of minutes.
6) Failed login attempts (purpose is to foil automated password
cracking).
Fair enough.
If necessary I can add captcha to every edit and to every page
creation.
Please, never! I'll stop using wiki at that phase.
These are available captcha hooks. I don't like them. I don't see us
needing them, as we keep on top of the edits.
In Christ,
DM
_______________________________________________
sword-devel mailing list: sword-devel@crosswire.org
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
