View Issue Details

IDProjectCategoryView StatusLast Update
0000049WackoWikieditingpublic2009-08-19 09:38
ReporterEoNy Assigned ToTann San  
PrioritynormalSeverityfeatureReproducibilityN/A
Status resolvedResolutionfixed 
Product Version4.2 
Target Version4.3.rcFixed in Version4.3.rc 
Summary0000049: Captcha: Optional spam bot protection
DescriptionThe idea is to optionally protect commenting and page editing using a Captcha Test (see http://www.captcha.net/). There are a few different PHP implementations out there that can be adopted by wackowiki.

The admin can optionaly enable these for submitting edited pages or comments.

It won't get rid of the most dedicated of spammers, but should stop alot of it.

http://test.wackowiki.org/Bugs/49?show_comments=1#comments
Additional InformationVisual confirmation settings
http://www.captcha.net/
http://c2.com/cgi/wiki?CaptchaTest

Captcha Tests aren't fail safe...
http://www.cs.sfu.ca/~mori/research/gimpy/
TagsNo tags attached.

Relationships

related to 0000021 resolvedTann San ANTISPAM as badword.conf 
related to 0000235 resolvedadministrator Registration without Captcha is broken 

Activities

EoNy

2007-08-31 15:09

manager   ~0000056

Last edited: 2009-01-06 17:17

kukutz
26-09-2004 22:07

    Hmm.

Very interesting idea.

I think, it may be enabled only for unregistered users. Do you think so?

And, of course, it should work at registration page too.
 
tomspilman
27-09-2004 00:15

    Really you could make it an option to leave them enabled for registered users, but registration and unregistered edits/comments is probably the most importaint places for this kinda protection.

Also it seems like it's fairly importaint to use a test which distorts the letters like the Yahoo login does. If it doesn't it seems like it's fairly easily breakable by spam bots.

It should use 5 random characters (maybe the number of characters and a character exception list is a config option). This avoids the need to localize a word list.
 
tomspilman
23-12-2004 08:49

    FYI. The latest version of phpBB added a captcha test (they call it visual confirm). http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240636
 
mb
14-06-2005 23:54

    http://wackowiki.org/Dev/PatchesHacks/CapTcha

Tann San

2007-09-12 21:49

manager   ~0000075

Captchas for both posting and comments have already been implemented as hacks n patches. It's already planned to move them into the main release in due time.

administrator

2007-09-13 11:59

administrator   ~0000079

+ registration

Tann San

2007-09-13 12:02

manager   ~0000080

gotcha, needs a captcha on registration. I've un-resolved this one so I don't forget :¬)

EoNy

2007-09-14 08:34

manager   ~0000084

Last edited: 2009-01-06 17:19

http://wackowiki.org/Dev/PatchesHacks/ReCapTcha

it has a command line updater(installer) attached to it

Tann San

2007-09-15 09:09

manager   ~0000085

For anyone who can't be arsed translating that site here's the breakdown. It's a registration system captcha. You first have to get the libs from http://recaptcha.net and install them. The big code boxes generally go like this: find what's in the first one and then add the code in the second box after it. Same with 3rd and 4th and then 5th and 6th.

ah you know what, that captcha system sucks. Way too much work. I'm not going to finish translating it but bascially it's saying the rest of the page is about the numerous problems with merging that captcha and wacko and the various hacks to get around them.

The site is still good for detailing where to apply our current captcha system to make it work with the registration section though.

Tann San

2007-12-17 02:22

manager   ~0000239

I don't think I mentioned that I did some more reading on recaptcha and it isn't actually crap like I originally said it was. The idea is quite cool. There are hundreds, thousands, who knows, could be millions of books and papers that need to be digitised. Conventional computer OCR systems would take ages to read this data so the idea with recaptcha is to get humans to do the work. The captcha images are actually words taken from various books and documents that need digitising. You are presented two words. One is already known by the system the other needs deciphering. Since the end user doesn't know which one is which they will try and enter both words correctly. The recapchta database then stores a map of how many people said word A was the same thing which lets it assess how likely it is that the word is infact word A.

Anyhow, long story short, it's kinda cool. The main downside to it is that it requires the users server to contact the recaptcha server to download the captcha images. The other minor downside is that we are relying on the recaptcha people not to change how their system works or we will have to modify ours to match which in turn means all our users have to do that as well with their local copies of the wiki. By using our own captcha system we avoid that. The reason I'm saying that is because I thought it might be night to make it a config option i.e. "use_built_in_captcha_or_recaptcha=>recaptcha", well better named and thought out and stuff. That still has the problem that if they change the way their system works we will have to change ours etc.

administrator

2007-12-18 06:04

administrator   ~0000245

Last edited: 2008-05-23 09:18

Recaptcha belongs to the Hack&Patches section for my part, but we should implement an optional Captcha - at least an simple protection against registration bots

Tann San

2007-12-18 15:14

manager   ~0000250

that's why I didn't close this issue but just added a note. the reg section does need a captcha, i'm not sure how urgent it is. if you think it's important then add it to the roadmap.

administrator

2007-12-24 17:33

administrator   ~0000267

Last edited: 2008-06-09 13:30

http://www.ejeliot.com/pages/2
-> http://ccwakka.cvs.sourceforge.net/ccwakka/coocoowakka/libs/captcha/php-captcha.inc.php?revision=1.1&view=markup

other lib
http://www.captcha.ru/en/kcaptcha/

Tann San

2008-04-18 23:30

manager   ~0000321

We're having a discussion about Captchas over here:

http://forums.devshed.com/dev-shed-lounge-26/captchas-523590.html

The conversation was started due to Google, Yahoo and Hotmail having their captcha systems defeated recently.

administrator

2008-06-26 12:16

administrator   ~0000382

did I forgot something while moving the captcha folder to the libs folder

I can see only the background image in the captcha applet

Tann San

2008-06-29 19:16

manager   ~0000386

Added: Captcha to new page, edit page, page comments and user registration.

administrator

2008-07-03 16:12

administrator   ~0000408

$max_attempts = 200;

we can set the default value to 15 attempts (?)

administrator

2008-10-22 15:52

administrator   ~0000530

set the default value to 15 attempts

SVNed with revision 183

Issue History

Date Modified Username Field Change
2007-08-31 15:08 EoNy New Issue
2007-08-31 15:08 EoNy Legacy => NEW
2007-08-31 15:09 EoNy Note Added: 0000056
2007-08-31 21:02 administrator Legacy NEW => NPJ
2007-09-12 21:48 Tann San Status new => assigned
2007-09-12 21:48 Tann San Assigned To => Tann San
2007-09-12 21:49 Tann San Status assigned => resolved
2007-09-12 21:49 Tann San Fixed in Version => 5.0.0
2007-09-12 21:49 Tann San Resolution open => fixed
2007-09-12 21:49 Tann San Note Added: 0000075
2007-09-13 11:59 administrator Note Added: 0000079
2007-09-13 12:02 Tann San Note Added: 0000080
2007-09-13 12:02 Tann San Status resolved => assigned
2007-09-14 08:34 EoNy Note Added: 0000084
2007-09-15 09:09 Tann San Note Added: 0000085
2007-09-16 09:53 EoNy Note Edited: 0000084
2007-10-03 15:05 administrator Summary Optional spam bot protection => Captcha: Optional spam bot protection
2007-10-16 00:15 administrator Additional Information Updated
2007-12-17 02:22 Tann San Note Added: 0000239
2007-12-17 02:22 Tann San Status assigned => feedback
2007-12-18 06:04 administrator Note Added: 0000245
2007-12-18 15:14 Tann San Note Added: 0000250
2007-12-21 14:58 administrator Resolution fixed => open
2007-12-21 14:58 administrator Fixed in Version 5.0.0 =>
2007-12-21 14:58 administrator Target Version => 5.0.0
2007-12-24 17:33 administrator Note Added: 0000267
2008-04-11 16:35 administrator Relationship added related to 0000021
2008-04-11 16:36 administrator Note Edited: 0000056
2008-04-18 23:30 Tann San Note Added: 0000321
2008-05-23 08:58 administrator Note Edited: 0000056
2008-05-23 08:59 administrator Note Edited: 0000084
2008-05-23 09:18 administrator Note Edited: 0000245
2008-06-09 13:30 administrator Note Edited: 0000267
2008-06-17 04:51 administrator Description Updated
2008-06-26 12:16 administrator Note Added: 0000382
2008-06-29 19:16 Tann San Note Added: 0000386
2008-06-29 19:16 Tann San Status feedback => resolved
2008-06-29 19:16 Tann San Fixed in Version => 5.0.0
2008-06-29 19:16 Tann San Resolution open => fixed
2008-07-03 16:12 administrator Note Added: 0000408
2008-08-23 14:16 administrator Description Updated
2008-08-23 14:17 administrator Note Edited: 0000056
2008-08-23 14:17 administrator Note Edited: 0000084
2008-09-25 21:28 administrator Additional Information Updated
2008-10-22 15:46 administrator Relationship added related to 0000235
2008-10-22 15:52 administrator Note Added: 0000530
2009-01-06 17:17 administrator Note Edited: 0000056
2009-01-06 17:19 administrator Note Edited: 0000084
2009-08-19 09:25 administrator Fixed in Version 5.0.0 => 4.3.rc
2009-08-19 09:38 administrator Target Version 5.0.0 => 4.3.rc
2010-03-08 10:12 administrator Category Editing => editing