View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000049 | WackoWiki | editing | public | 2007-08-31 15:08 | 2009-08-19 09:38 |
| Reporter | EoNy | Assigned To | Tann San | ||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | resolved | Resolution | fixed | ||
| Product Version | 4.2 | ||||
| Target Version | 4.3.rc | Fixed in Version | 4.3.rc | ||
| Summary | 0000049: Captcha: Optional spam bot protection | ||||
| Description | The idea is to optionally protect commenting and page editing using a Captcha Test (see http://www.captcha.net/). There are a few different PHP implementations out there that can be adopted by wackowiki. The admin can optionaly enable these for submitting edited pages or comments. It won't get rid of the most dedicated of spammers, but should stop alot of it. http://test.wackowiki.org/Bugs/49?show_comments=1#comments | ||||
| Additional Information | Visual confirmation settings http://www.captcha.net/ http://c2.com/cgi/wiki?CaptchaTest Captcha Tests aren't fail safe... http://www.cs.sfu.ca/~mori/research/gimpy/ | ||||
| Tags | No tags attached. | ||||
| related to | 0000021 | resolved | Tann San | ANTISPAM as badword.conf |
| related to | 0000235 | resolved | administrator | Registration without Captcha is broken |
|
|
kukutz 26-09-2004 22:07 Hmm. Very interesting idea. I think, it may be enabled only for unregistered users. Do you think so? And, of course, it should work at registration page too. tomspilman 27-09-2004 00:15 Really you could make it an option to leave them enabled for registered users, but registration and unregistered edits/comments is probably the most importaint places for this kinda protection. Also it seems like it's fairly importaint to use a test which distorts the letters like the Yahoo login does. If it doesn't it seems like it's fairly easily breakable by spam bots. It should use 5 random characters (maybe the number of characters and a character exception list is a config option). This avoids the need to localize a word list. tomspilman 23-12-2004 08:49 FYI. The latest version of phpBB added a captcha test (they call it visual confirm). http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240636 mb 14-06-2005 23:54 http://wackowiki.org/Dev/PatchesHacks/CapTcha |
|
|
Captchas for both posting and comments have already been implemented as hacks n patches. It's already planned to move them into the main release in due time. |
|
|
+ registration |
|
|
gotcha, needs a captcha on registration. I've un-resolved this one so I don't forget :¬) |
|
|
http://wackowiki.org/Dev/PatchesHacks/ReCapTcha it has a command line updater(installer) attached to it |
|
|
For anyone who can't be arsed translating that site here's the breakdown. It's a registration system captcha. You first have to get the libs from http://recaptcha.net and install them. The big code boxes generally go like this: find what's in the first one and then add the code in the second box after it. Same with 3rd and 4th and then 5th and 6th. ah you know what, that captcha system sucks. Way too much work. I'm not going to finish translating it but bascially it's saying the rest of the page is about the numerous problems with merging that captcha and wacko and the various hacks to get around them. The site is still good for detailing where to apply our current captcha system to make it work with the registration section though. |
|
|
I don't think I mentioned that I did some more reading on recaptcha and it isn't actually crap like I originally said it was. The idea is quite cool. There are hundreds, thousands, who knows, could be millions of books and papers that need to be digitised. Conventional computer OCR systems would take ages to read this data so the idea with recaptcha is to get humans to do the work. The captcha images are actually words taken from various books and documents that need digitising. You are presented two words. One is already known by the system the other needs deciphering. Since the end user doesn't know which one is which they will try and enter both words correctly. The recapchta database then stores a map of how many people said word A was the same thing which lets it assess how likely it is that the word is infact word A. Anyhow, long story short, it's kinda cool. The main downside to it is that it requires the users server to contact the recaptcha server to download the captcha images. The other minor downside is that we are relying on the recaptcha people not to change how their system works or we will have to modify ours to match which in turn means all our users have to do that as well with their local copies of the wiki. By using our own captcha system we avoid that. The reason I'm saying that is because I thought it might be night to make it a config option i.e. "use_built_in_captcha_or_recaptcha=>recaptcha", well better named and thought out and stuff. That still has the problem that if they change the way their system works we will have to change ours etc. |
|
|
Recaptcha belongs to the Hack&Patches section for my part, but we should implement an optional Captcha - at least an simple protection against registration bots |
|
|
that's why I didn't close this issue but just added a note. the reg section does need a captcha, i'm not sure how urgent it is. if you think it's important then add it to the roadmap. |
|
|
http://www.ejeliot.com/pages/2 -> http://ccwakka.cvs.sourceforge.net/ccwakka/coocoowakka/libs/captcha/php-captcha.inc.php?revision=1.1&view=markup other lib http://www.captcha.ru/en/kcaptcha/ |
|
|
We're having a discussion about Captchas over here: http://forums.devshed.com/dev-shed-lounge-26/captchas-523590.html The conversation was started due to Google, Yahoo and Hotmail having their captcha systems defeated recently. |
|
|
did I forgot something while moving the captcha folder to the libs folder I can see only the background image in the captcha applet |
|
|
Added: Captcha to new page, edit page, page comments and user registration. |
|
|
$max_attempts = 200; we can set the default value to 15 attempts (?) |
|
|
set the default value to 15 attempts SVNed with revision 183 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2007-08-31 15:08 | EoNy | New Issue | |
| 2007-08-31 15:08 | EoNy | Legacy | => NEW |
| 2007-08-31 15:09 | EoNy | Note Added: 0000056 | |
| 2007-08-31 21:02 | administrator | Legacy | NEW => NPJ |
| 2007-09-12 21:48 | Tann San | Status | new => assigned |
| 2007-09-12 21:48 | Tann San | Assigned To | => Tann San |
| 2007-09-12 21:49 | Tann San | Status | assigned => resolved |
| 2007-09-12 21:49 | Tann San | Fixed in Version | => 5.0.0 |
| 2007-09-12 21:49 | Tann San | Resolution | open => fixed |
| 2007-09-12 21:49 | Tann San | Note Added: 0000075 | |
| 2007-09-13 11:59 | administrator | Note Added: 0000079 | |
| 2007-09-13 12:02 | Tann San | Note Added: 0000080 | |
| 2007-09-13 12:02 | Tann San | Status | resolved => assigned |
| 2007-09-14 08:34 | EoNy | Note Added: 0000084 | |
| 2007-09-15 09:09 | Tann San | Note Added: 0000085 | |
| 2007-09-16 09:53 | EoNy | Note Edited: 0000084 | |
| 2007-10-03 15:05 | administrator | Summary | Optional spam bot protection => Captcha: Optional spam bot protection |
| 2007-10-16 00:15 | administrator | Additional Information Updated | |
| 2007-12-17 02:22 | Tann San | Note Added: 0000239 | |
| 2007-12-17 02:22 | Tann San | Status | assigned => feedback |
| 2007-12-18 06:04 | administrator | Note Added: 0000245 | |
| 2007-12-18 15:14 | Tann San | Note Added: 0000250 | |
| 2007-12-21 14:58 | administrator | Resolution | fixed => open |
| 2007-12-21 14:58 | administrator | Fixed in Version | 5.0.0 => |
| 2007-12-21 14:58 | administrator | Target Version | => 5.0.0 |
| 2007-12-24 17:33 | administrator | Note Added: 0000267 | |
| 2008-04-11 16:35 | administrator | Relationship added | related to 0000021 |
| 2008-04-11 16:36 | administrator | Note Edited: 0000056 | |
| 2008-04-18 23:30 | Tann San | Note Added: 0000321 | |
| 2008-05-23 08:58 | administrator | Note Edited: 0000056 | |
| 2008-05-23 08:59 | administrator | Note Edited: 0000084 | |
| 2008-05-23 09:18 | administrator | Note Edited: 0000245 | |
| 2008-06-09 13:30 | administrator | Note Edited: 0000267 | |
| 2008-06-17 04:51 | administrator | Description Updated | |
| 2008-06-26 12:16 | administrator | Note Added: 0000382 | |
| 2008-06-29 19:16 | Tann San | Note Added: 0000386 | |
| 2008-06-29 19:16 | Tann San | Status | feedback => resolved |
| 2008-06-29 19:16 | Tann San | Fixed in Version | => 5.0.0 |
| 2008-06-29 19:16 | Tann San | Resolution | open => fixed |
| 2008-07-03 16:12 | administrator | Note Added: 0000408 | |
| 2008-08-23 14:16 | administrator | Description Updated | |
| 2008-08-23 14:17 | administrator | Note Edited: 0000056 | |
| 2008-08-23 14:17 | administrator | Note Edited: 0000084 | |
| 2008-09-25 21:28 | administrator | Additional Information Updated | |
| 2008-10-22 15:46 | administrator | Relationship added | related to 0000235 |
| 2008-10-22 15:52 | administrator | Note Added: 0000530 | |
| 2009-01-06 17:17 | administrator | Note Edited: 0000056 | |
| 2009-01-06 17:19 | administrator | Note Edited: 0000084 | |
| 2009-08-19 09:25 | administrator | Fixed in Version | 5.0.0 => 4.3.rc |
| 2009-08-19 09:38 | administrator | Target Version | 5.0.0 => 4.3.rc |
| 2010-03-08 10:12 | administrator | Category | Editing => editing |
