New User Flood
← Thread:User talk:Chase-san/New User Flood/reply (19)
I decided to try the registration process. We do have a math question and a number image recognition images. But these bots are advanced. They clearly can parse/recognize numbers and do simple math with them.
I think we need at least one captcha which deals with something but numbers and we need it asap. My rss feed is spammed by new registration announcements way more often than I wish to know.
Or, as Rednaxela noted above, they could just be outsourcing it to humans. Though if they are advanced bots, we could try something like Asirra, which makes users select only photos which have a certain type of animal in them, though it seems Asirra itself won't be around for much longer. (Voidious, since you use Asirra for the BerryBots wiki, you may also want to look into a new captcha system.)
We might want to consider locking registration until we can come up with a solution. The wiki isn't particularly active at the moment and there has been 166 registrations since they started on September 23 (and 1 which is questionable). None of them have posted a single thing. That averages about to around 10-11 new users a day.
I guess that would be fine for a few days, but if someone's willing to go to that trouble, why not just implement one of the solutions that have already been proposed, such as deleting accounts that only post with external links in their first few days, or your suggestion to have a hidden textbox that must be left blank?
You do not have permission to edit this page, for the following reasons:
You can view and copy the source of this page.
Return to Thread:User talk:Chase-san/New User Flood/reply (23).
Account creation temporarily disabled while I investigate what the best solution will be (starting with taking a close look at the server logs from the bad attempts)
Account creation is re-enabled.
I removed reCaptcha but in exchange made the math question slightly trickier. I also obfuscated the input field name to be a random string, and added two decoy fields like you mentioned Chase. One decoy is also named with a random string of the same form as the real one (and the ordering in the DOM is swapped at random), and the other decoy has the fixed field name that is normally used for a math captcha on Mediawiki.
We'll see if this keeps them out.
While I was at it, I also cleared out inactive users with a maintenance script.