On Thu, 25 Apr 2013, Sietse Brouwer wrote:
We're getting 3-12 new accounts created per day. If nothing else, they're cluttering up the recent changes list.
I think it's a good idea to update the security questions --- it's easy to do, it'll probably work, and we can always move on to stronger measures that require more work. Below are some replacemetn questions.
* If you have a log of which questions get answered correctly, perhaps only rotate out the bad question(s); * If finding the cracked questions is nontrivial (i.e. more work than 'just open the log file and see which ones get answered every day'), just replace them all.
If this works, hooray; if it stops working, we can either change the questions again (if the spammers took long to get through) or move on to e.g. the ConfirmAccount extension [1,2] (if the questions got cracked quickly, so we are getting 'human' attention from the spammer instead of his bots).
Confirm account means that a new user will not be able to quickly correct typos etc. Isn't there a simple way to add a captcha to mediawiki. I am not a big fan of Captchas, but the are the de facto standard for human verification. A user only has to do it once, so it is not too big of an annoyance either. Aditya