On 20.11.2012 12:46, tj wrote:
Can I get lazy consensus on requiring users to request Mwiki accounts on
a ML? Temporarily or permanently, I don't know.
I agree that for the current spam attack this is the most reasonable
solution.
After that period the the registration captcha should become more
difficult for robots. In a related discussion from last June [1] Imacat
suggested to make the registration harder using stronger captchas. The
SimpleCatcha from the ConfirmEdit extension is too simple, but there are
plenty of other good alternatives [2].
[1] http://markmail.org/message/qmcwg4ibhhfb7ba7
[2] http://www.mediawiki.org/wiki/Extension:ConfirmEdit
If possible I also suggest to disable/remove all registrations that were
probably created by these spambots using e.g the criteria:
- signed up a for a while or contributions
- no edits/contributions whatsoever
Any Administrator ("sysop") can create a new user account. I will
research what change is required to block other sign-up methods.
Currently, Mwiki is under massive attack by spammers. Thanks to the
valiant efforts of volunteers Adailton, Helen russian, Pitonyak, and
Yak, we are staying even: the lifetime of spam may be a few hours, but
is usually only a few minutes.
However, the spammers are creating new spam accounts (the pattern in the
names is quite apparent) at a rate of one every minute or two, and 24/7.
We cannot survive that kind of onslaught indefinitely.
Thank you very much for fighting this!
On a related note I submitted [3] a MediaWiki feature request to default
to disabling registrations as being newsworthy enough for the
RecentChanges page.
[3] https://bugzilla.wikimedia.org/show_bug.cgi?id=42045
Herbert
