Working With MediaWiki
is displayed as an image.
QuestyCaptcha — asks a question, out of a pre-defined set (the administrator has to create the questions, and their allowed answers).
ReCaptcha — uses the reCAPTCHA service, which uses distorted text from scanned-in books.
Asirra — asks users to select only the cat photos out of a list of 12 photos of cats and dogs.
All of these options, including SimpleCaptcha, are better than nothing; though there’s a big range of effectiveness among all of them. For a while, the ReCaptcha option was a very popular anti-spam tool (as was the reCAPTCHA service in general, on non-wiki sites). It’s the nicest-looking of the ConfirmEdit options, it performs a useful service (helping to digitize old books), and it’s also the only one that provides an alternate, audio-based CAPTCHA, for use by blind or visually-impaired users. However, it may have become a victim of its own popularity: sometime around 2010, spammers apparently figured out en masse how to get around it, and now it’s no longer very useful.
At the moment, the two most effective of these options appear to be QuestyCaptcha and Asirra. With QuestyCaptcha, there’s no automated software that can figure out the right answer to your questions, so even simple questions are generally effective. (Though it’s helpful to replace the set of questions every once in a while, if spam starts getting through.) Asirra appears to be effective in that there’s currently no software that can easily distinguish between cats and dogs — that presumably won’t be the case forever, but it is at the moment.
Whichever CAPTCHA module you go with, ConfirmEdit offers the same standard set of additional options. First, it lets you customize which user groups will see CAPTCHAs, using the ’skipcaptcha’ permission type. By default, only the ’bot’ and ’sysop’ user groups are exempted from CAPTCHAs (in other words, they have ’skipcaptcha’ set to true). If you want to, say, exempt registered users as well, you could add the following to LocalSettings.php:
$wgGroupPermissions['user']['skipcaptcha'] = true;
That may seem like a reasonable change, but actually it’s not necessary or recommended, as we’ll see soon.
ConfirmEdit also lets you configure which actions result in a CAPTCHA test. The relevant actions are:
’edit’ — any attempted page edit
’create’ — the creation of a new page
’addurl’ — any edit which results in a new URL being added to the page
’createaccount’ — user registration
’badlogin’ — when a user tries to log in after already having given an incorrect password (this is useful to guard against bots that try to guess passwords)
By default, ’addurl’, ’createaccount’ and ’badlogin’ are checked, while ’edit’ and ’create’ are not. Why is that — surely every edit is worth checking? Actually, it’s not usually necessary, because of the presence of the ’addurl’ action. Spam almost always involves the addition of one or more URLs. (Not always, though, because, bizarrely, some "pseudo-spammers" like to just add random text to pages.) Meanwhile, in regular wiki editing, new external URLs get added to pages only occasionally. So checking the addition of URLs works to ward off most automated spammers, while being only a minor inconvenience to real users.
In an ideal world, a CAPTCHA system would block all spam. But spammers have figured out how to bypass CAPTCHAs, most likely by hiring humans to enter the inputs (the going rate, according to Wikipedia, is an absurd 0.1 cents for every completed CAPTCHA). Still, ConfirmEdit does seem to cut down significantly on spam: it stops the waves of automated spam that spammers sometimes like to unleash, where hundreds of spam pages can be created in a few hours.
SpamBlacklist
Another, complementary tool is the SpamBlacklist extension, which can block edits based on two criteria: what URLs they add to the page, and what IP address they originate from. URLs that spammers add tend to be to members of a very large, but finite, set of known websites. The SpamBlacklist extension lets you use as many URL "blacklists" as you want, each containing a set of domains (actually, it’s a set of regular expressions for domains, so that, for instance, every domain containing the string "casino-online" can get blocked with one line). By default, SpamBlacklist uses a single blacklist — the Wikimedia Meta-Wiki blacklist, located
Weitere Kostenlose Bücher