3.) Install something like http://www.mediawiki.org/wiki/Extension:ConfirmAccount and/or maybe use both captcha and some context-specific question

Adding an actual captcha seems like the way to go; it may not prevent all automated account creations, but it clearly filters much better than a static list of questions with plain-text answers. Arthur

On Fri, 5 Apr 2013 15:59:47 +0200 Mojca Miklavec wrote:

some context-specific question (honestly: if users don't know how to answer some slightly more tricky question, they shouldn't be able to get the account). We could use questions like "Last name of president of ConTeXt User Group."

Uh... ? Why not some *really* tricky question like: "what keyword is to be used to right-justify?" :) Alan

Hi Taco, We're getting 3-12 new accounts created per day. If nothing else, they're cluttering up the recent changes list. I think it's a good idea to update the security questions --- it's easy to do, it'll probably work, and we can always move on to stronger measures that require more work. Below are some replacemetn questions. * If you have a log of which questions get answered correctly, perhaps only rotate out the bad question(s); * If finding the cracked questions is nontrivial (i.e. more work than 'just open the log file and see which ones get answered every day'), just replace them all. If this works, hooray; if it stops working, we can either change the questions again (if the spammers took long to get through) or move on to e.g. the ConfirmAccount extension [1,2] (if the questions got cracked quickly, so we are getting 'human' attention from the spammer instead of his bots). [1] http://www.mediawiki.org/wiki/Extension:ConfirmAccount [2] http://www.stargate-wiki.de/wiki/Spezial:Benutzerkonto_beantragen Cheers, Sietse The proposed questions: * What command indicates 'text starts here'? (Include the backslash.) \starttext * What command is used to setup the bodyfont? (Include the backslash.) \setupbodyfont * What is the last name (starts with K) of the man who created TeX? Knuth * What is the first name (7 letters, starts with H) of Mr Zapf? Hermann * How many letters does 'stoptext' contain? (Please type out the number as a word.) Eight

Confirm account means that a new user will not be able to quickly correct typos etc. Isn't there a simple way to add a captcha to mediawiki.

Just found one (I had missed it when I sent my previous e-mail): http://www.mediawiki.org/wiki/Extension:ReCAPTCHA, nowadays merged into http://www.mediawiki.org/wiki/Extension:ConfirmEdit (which is not ConfirmAccount). ConfirmEdit can be configured to only present captchas to non-logged-in users, when they try to edit or create a page, or create an account. Might that be useful? Or we could go old-school copy protection style: "What is the fifth word on page 120 of the TeXbook?" :-P If we want to have a slightly higher barrier of entry: "Name one undocumented command that you recently heard about on the mailing list." ;-) Cheers, Sietse

Am 26.04.2013 um 10:57 schrieb Alan BRASLAU :

On Thu, 25 Apr 2013 23:52:56 +0200 Sietse Brouwer wrote:

...

Or we could go old-school copy protection style: "What is the fifth word on page 120 of the TeXbook?" :-P

\TEX

Maybe \TeX\ but not \TEX\ which is a \CONTEXT\ command and not available with plain \TeX. Wolfgang

On 04/25/2013 07:31 PM, Sietse Brouwer wrote:

Hi Taco,

We're getting 3-12 new accounts created per day. If nothing else, they're cluttering up the recent changes list.

I think it's a good idea to update the security questions --- it's easy to do, it'll probably work, and we can always move on to stronger measures that require more work. Below are some replacemetn questions.

Yes, I had already contacted Mojca a couple of weeks ago. I think we should demand that all questions be answered in Dutch. Every serious ConTeXter has to know some Dutch, and nothing better than asking "What is the ConTeXt keyword for a two-sided layout" and expecting "dubbelzijdig" as an answer. If that doesn't help, we make them pronounce it... Thomas

Hello, On Thu, 25 Apr 2013 20:19:41 +0200, Thomas A. Schmitz wrote:

On 04/25/2013 07:31 PM, Sietse Brouwer wrote:

...

Hi Taco,

...

I think it's a good idea to update the security questions --- it's easy to do, it'll probably work, and we can always move on to stronger measures that require more work. Below are some replacemetn questions.

Yes, I had already contacted Mojca a couple of weeks ago. I think we should demand that all questions be answered in Dutch. Every serious ConTeXter has to know some Dutch,

even though I consider myself a serious Ctx user, Dutch is still Greek to me.

and nothing better than asking "What is the ConTeXt keyword for a two-sided layout" and expecting "dubbelzijdig" as an answer.

Goggle translator would help in this case (http://translate.google.com/#en/nl/doublesided); but having a "more complicated keyword/option" may mean a unanswered/unanswerable question... How about to prompt the user to encode a displayed math, e.g. "b/a2^3" to be answered "$\frac{b}{a_2^3}$"? Best regards, Lukas

If that doesn't help, we make them pronounce it...

Thomas

-- Ing. Lukáš Procházka [mailto:LPr@pontex.cz] Pontex s. r. o. [mailto:pontex@pontex.cz] [http://www.pontex.cz] Bezová 1658 147 14 Praha 4 Tel: +420 244 062 238 Fax: +420 244 461 038

Hi, Currently we are using QuestyCaptcha w/ ConfirmEdit. This is definitely supposed to be safer than bitmap images unless the images become so complex that even humans get it wrong, which has happened for me on various sites and is the most annoying thing in, like, ever! I do not mind adding new questions and/or replacing all of them, but it is a bad idea to send the new ones to the mailing list, since somehow a spamnet seems to have found the answers and I doubt that they actually went to the trouble of looking up the answers on pragma-ade.com (but then again, weirder stuff has happened). For now, I will quickly invent some of my own questions. Best wishes, Taco

On Fri, 26 Apr 2013 08:55:52 +0200 "Thomas A. Schmitz" wrote:

Well, in that case, I'd actually prefer Greek - "write line 222 of book 2 of the Odyssey in its original Greek," or something like that...

That's too easy: σῆμά τέ οἱ χεύω καὶ ἐπὶ κτέρεα κτερεΐξω :)