GNU MediaGoblin:Community portal

From GNU MediaGoblin Wiki
Revision as of 00:22, 3 May 2012 by Ciaran (talk | contribs) (→‎Spam blocking: Questy Captcha: added documentation links (Is this in the right place for this sort of stuff? What types of in-wiki communication *are* allowed?))
Jump to navigation Jump to search

Spam blocking: Questy Captcha

I see you've spambots making lots of new accounts and occasionally making spam pages. (Special:RecentChanges)

I installed ConfirmEdit (it's free-as-in-freedom) on my wiki ( http://en.swpat.org/ ) and spam has dropped to nearly zero. ConfirmEdit offers a few captchas but I think QuestyCaptcha is by far the best. It requires new contributors to answer a question if they want to edit anonymously or make an account. There are no questions supplied, so each wiki has to write their own. The result is simple for a human but practically impossible for a bot.

Documentation:

Rough HOWTO:

  1. Download it here: http://www.mediawiki.org/wiki/Special:ExtensionDistributor/ConfirmEdit
  2. mv ConfirmEdit-MW1.17-r77902.tar.gz WIKIDIRECTORY/extensions/
  3. untar it there
  4. Put these lines at the end of LocalSettings.php (change or add as many questions as you like):
require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" );
require_once( "$IP/extensions/ConfirmEdit/QuestyCaptcha.php");
$wgCaptchaClass = 'QuestyCaptcha';
$wgCaptchaQuestions[] = array( 'question' => "What colour is grass", 'answer' => "green" );
$wgCaptchaQuestions[] = array( 'question' => "What do most people sleep in at night? (3 letters)", 'answer' => "bed" );

    5. In WIKIDIRECTORY/extensions/ConfirmEdit/ConfirmEdit.php, make two changes:

  • Search for the following, and change it to "true":
$wgGroupPermissions['user'         ]['skipcaptcha'] = false;
  • Search for the following, and change it also to "true":
$wgCaptchaTriggers['edit']          = false; // Would check on every edit

I do still get a trickle of spam, which I found surprising. Maybe some of the spam networks that target my wiki include groups of humans, but only a small fraction have good enough English to answer my silly questions.

In contrast, requiring email confirmation is inconvenient for well-intentioned visitors and probably doesn't block any spambots. Automating the response is probably trivial for a spambot author (although I haven't tested to see if it does reduce spam). In any case, QuestyCaptcha should be enough.

Hope that helps, and best of luck with GNU MediaGoblin! Ciaran 17:58, 2 May 2012 (EDT)