Topic on Extension talk:ConfirmEdit/Archive 03

QuestyCaptcha not preventing account creation

6
SheldonBole (talkcontribs)

I have QuestyCaptcha setup on my wiki. When I go to Request account, I see the QuestyCaptcha question, but whether I enter a correct or incorrect value the account request is processed, i.e. I see the resulting "Your account request has been sent and is now pending review. A confirmation email has been sent to your email address." Additionally, when I look under Open account requests the account request does appear there.

The site is on:

MediaWiki R1.34

PHP V 7.3.17

ConfirmEdit section in LocalSettings.php looks as follows:

// QuestyCaptcha Settings

   wfLoadExtensions([ 'ConfirmEdit', 'ConfirmEdit/QuestyCaptcha' ]);

   $wgCaptchaClass = 'QuestyCaptcha';

   # QuestyCaptcha questions:

       $wgCaptchaQuestions = [

           'How many fingers on one hand?' => [ 5, 'five' ],

       ];

       $wgMainCacheType = CACHE_ANYTHING;

       $wgCaptchaTriggers['createaccount'] = true;

Any guidance would be greatly appreciated!

Dinoguy1000 (talkcontribs)

It sounds like your wiki is configured to require all account registrations to be approved by an administrator/trusted user? ConfirmEdit/QuestyCaptcha may not have been tested in that type of environment, since no WMF wikis have such a setup.

SheldonBole (talkcontribs)

Hello Dinoguy1000, thanks for the suggestion. I am busy following up, as in I'm turning those settings off to see if I can get QuestyCaptcha to work, but have run into other, I hope unrelated, issues. So I'm sorting those issues before being able to test your suggestion. On Extension:ConfirmAccount it does specifically say:

"The ConfirmEdit extension can be used (in conjunction with the ConfirmAccount extension) in order to use captchas to stop flood requests."

However, I do understand from your suggestion you are specifically referring to QuestyCaptcha.

I have a few things I want to test... I'll be back.

SheldonBole (talkcontribs)

For anyone finding this thread, Extension:ConfirmEdit's QuestyCaptcha and Extension:ConfirmAccount don't play nicely!

When QuestyCaptcha's creataccount trigger is set to true, the question appears correctly on the account request form. However, incorrect answers to QuestyCaptcha have no effect and account requests are still submitted.


I have set $wgCaptchaTriggers['createaccount'] = false as the Captcha is not having any effect on account creations.


We decided to rather keep the account approval (through Extension:ConfirmAccount) and QuestyCaptcha functionality on the other Extension:ConfirmEdit's triggers. This has stopped fake accounts being created on our wiki at this stage.


For a brief period when I had:

$wgGroupPermissions['*']['createaccount'] = true; and

$wgCaptchaTriggers['createaccount'] = false;

We were inundated with fake account creations. Even though I had ConfirmAccount enabled. To solve this I set $wgGroupPermissions['*']['createaccount'] = false;. New users then need to "Request Account" through ConfirmAccount's functionality. This doesn't really affect user experience, but does stop bots creating fake accounts.

MyWikis-JeffreyWang (talkcontribs)

We are also encountering this issue. This is particularly problematic for us because we are still trying to prevent fake signup requests, as we need to keep our bounce rates down in order to stay on SES.

MyWikis-JeffreyWang (talkcontribs)
Reply to "QuestyCaptcha not preventing account creation"