Hi Edy, Thanks for starting this investigation.
However I think it’s the wrong one :) IMO we should investigate various CAPTCHA solutions but take a larger view at what the problem is. And, as you mentioned below, the problem is that of fighting SPAM, especially in comments. CAPTCHA is only one solution to solve this problem. And not a very effective one apparently. I haven’t thought that much about it but I can imagine at least 4 other solutions that would be interesting to investigate: 1) When a user is not logged in and wants to post a comment, ask him for his name and email address in the comment. After he submits his comment, a mail is sent to him for validation and he has to click a link to confirm posting the message. 2) When a user is not logged in and after he clicks submit on a new comment, don’t make it active right away, but instead put it on a moderation queue. Once his message is approved he’ll then be able to post all further messages without approval. <offtopic> At some point I think it would be great to gamify xwiki.org and we could imagine giving points to users when they perform interesting actions and the more points they get the more authorizations they unlock: - registering: 1 point - posting the first comment: 1 point. Points required to post a comment: 1 (otherwise the comment is moderated) - first edition of a page: 1 point - first page created: 1 point - page deleted because not correct: -2 points (page moved: 0 point) - every 10 pages edited: 1 point - 100 points: permission to create a wiki on myxwiki.org - etc </offtopic> 3) Create an Admin UI screen to list all the comments in a livetable, sorted by the latest comment by default with action buttons to delete a the revision where the comment was addded + mass revision deletion action so that we can filter on the comment content and then delete all matching comments at once. This is more wiki-like than the other options 1) and 2) above but requires a higher amount of maintenance than 1 and 2. 4) Add the ability to integrate a 3rd-party comment system like intensedebate and disqus. FTR I have done that on my blog at myxwiki.org and I almost never get spam since they filter it for me: see http://massol.myxwiki.org/xwiki/bin/view/Blog/AnonymousComments (wow, time flies, this was in 2009 :)) Similar strategies can be applied for registration (at least for 1) - which is already supported! and 2). WDYT? I think it’s worth expanding the discussion/investigation to ways of reducing spam rather than focusing just on captcha which are far from enough IMO. BTW solution 2) will fix human spam too, something captcha will never be able to do by definition! :) Thanks -Vincent On 26 Jan 2015 at 19:10:59, Eduard Moraru (enygma2...@gmail.com(mailto:enygma2...@gmail.com)) wrote: > Hi devs, > > We have been getting reports recently of people getting a lot of SPAM in > their public XWiki instances, even if they had the CAPTCHA module [1] > enabled on their comments/registration pages. > > These past 2 days I`ve been investigating the current status of the CAPTCHA > module and what is the state of the art in fighting SPAM. > > I have produced the following document [2] that I would like you to have a > look at and tell me what you think and/or what is your experience with > XWiki's CAPTCHA module and with fighting SPAM in general. > > TL;DR: I would like to propose that we move to Google's new NO CAPTHA > reCAPTCHA as the default CAPTCHA solution and that we implement a > configurable back-end that allows admins to easily switch between CAPTCHA > engines/services. > > Thanks, > Eduard > > ---------- > [1] http://extensions.xwiki.org/xwiki/bin/view/Extension/Captcha+Module > [2] http://design.xwiki.org/xwiki/bin/view/Proposal/CAPTCHAinvestigation70 > _______________________________________________ > devs mailing list > devs@xwiki.org > http://lists.xwiki.org/mailman/listinfo/devs _______________________________________________ devs mailing list devs@xwiki.org http://lists.xwiki.org/mailman/listinfo/devs
