On Thu, 25 Apr 2013, Sietse Brouwer wrote:
We're getting 3-12 new accounts created per day. If nothing else,
they're cluttering up the recent changes list.
I think it's a good idea to update the security questions --- it's
easy to do, it'll probably work, and we can always move on to stronger
measures that require more work. Below are some replacemetn questions.
* If you have a log of which questions get answered correctly,
perhaps only rotate out the bad question(s);
* If finding the cracked questions is nontrivial (i.e. more work than
'just open the log file and see which ones get answered every day'),
just replace them all.
If this works, hooray; if it stops working, we can either change the
questions again (if the spammers took long to get through) or move on
to e.g. the ConfirmAccount extension [1,2] (if the questions got
cracked quickly, so we are getting 'human' attention from the spammer
instead of his bots).
Confirm account means that a new user will not be able to quickly correct
typos etc. Isn't there a simple way to add a captcha to mediawiki. I am
not a big fan of Captchas, but the are the de facto standard for human
verification. A user only has to do it once, so it is not too big of an
annoyance either.
Aditya
___________________________________________________________________________________
If your question is of interest to others as well, please add an entry to the
Wiki!
maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage : http://www.pragma-ade.nl / http://tex.aanhet.net
archive : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___________________________________________________________________________________
