CAPTCHA For LinkSpam

OurWork

Project: SpamMitigation

What (summary)

Require a captcha when adding an external link (or image link) to a page for anonymous users or when creating a new account.

Why this is important

For four days in a row we've been getting hit by 1000-4000 spambot edits per day. This is taking a person-week to deal with each time it happens. We could use the people on creative "high yield" work rather than the drudgery of undoing spam if this type of edit were prevented.

By making this also apply to external image links, this encourages a) creating an account instead to upload images directly; b) images that are internal can be resized, while external image links don't resize as well; c) external images are more susceptible to changes (servers going down, malicious image changes, etc).

Additionally, from a broader standpoint, we should be encouraging internal links (images and wiki links) over external ones anyway and the captcha system might help point us in this direction.

DoneDone

• Anonymous edits that add external links (including images) require a captcha (may be disabled by flag)
• Require captcha on account creation (may be disabled by flag)

Links

• reCAPTCHA extension

Steps to get to DoneDone

• Get the site specific encryption keys(public and private) for AboutUs.org
• Add the extension directory
• Modify LocalSettings.php to include the extension
• Check for conflicts with software modifications
• Review the permissions settings for the extension
• Test the Captcha with Sysop users, logged in users and non-logged in users

Config Info

ConfirmEdit introduces a ['skipcaptcha'] for wgGroupPermissions. This is useful for groups that shouldn't see captchas ever. (Bots and Sysops)

Defaults from ConfirmEdit.php:

$wgGroupPermissions['*'            ]['skipcaptcha'] = false;
$wgGroupPermissions['user'         ]['skipcaptcha'] = false;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false;
$wgGroupPermissions['bot'          ]['skipcaptcha'] = true; // registered bots
$wgGroupPermissions['sysop'        ]['skipcaptcha'] = true;

There are four triggers that can generate a captcha and allow for different situations.

• $wgCaptchaTriggers['edit'] = true; -- Would check on every edit
• $wgCaptchaTriggers['create'] = true; -- Check on page creation.
• $wgCaptchaTriggers['addurl'] = true; -- Check on edits that add URLs
• $wgCaptchaTriggers['createaccount'] = true; -- Check on account creation.
• $wgCaptchaTriggers['badlogin'] = true; -- Check after a failed log-in attempt.

Default triggers from ConfirmEdit.php:

$wgCaptchaTriggers['edit']          = false; 
$wgCaptchaTriggers['create']        = false; 
$wgCaptchaTriggers['addurl']        = true; 
$wgCaptchaTriggers['createaccount'] = true;
$wgCaptchaTriggers['badlogin']      = true;

Image Test