[Pdx-pm] Kwiki - is captcha broken in some way?

Keith Lofstrom keithl at kl-ic.com
Wed Nov 17 08:47:37 PST 2010

I am using moin moin for most of my wikis, but I am still using
Kwiki for some of the older ones - I have not had time to do a
laborious content migration.  

I set up the Scode 6 digit captcha system, but that did not stop
the bad guys.  I assumed they had a room full of pennies-a-day
third world workers reading the captchas and typing them in.  

So I diddled the captcha code, asking the user to jump through
the slight hoop of subtracting the displayed number from 999999,
changing a few lines of code to implement.  A quick fix, I
thought, a small effort for real users but too much effort for a
bot or a person who can't read english or too busy for mental math.

Three days later, more wikispam.  I'm going to change the 
algorithm again, not disclosing it, but I suspect I will get
even more wikispam, because the bad guys have some way of
circumventing the captcha. 

PDX perlmongers uses Kwiki - is there a good way to keep the
vandals out, beyond locking down write permissions on the server?  
Is there a known flaw in Scode?  Is there some automated way to
migrate Kwiki to Moin?  Is there some way to track the vandals
back to their home, and hack WOPR/NORAD to glass their city?  :-\


Keith Lofstrom          keithl at keithl.com         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs

More information about the Pdx-pm-list mailing list