GSoC/GCI Archive
Google Code-in 2010 MoinMoin Wiki

textchas - make them more secure

completed by: rfw

mentors: Alexander Schremmer, ReimarBauer, Thomas Waldmann, Ronny Pfannschmidt



We have textchas (text captchas) to get rid of spammers. They help a bit as they are, but they are not fully cheating-proof.

You task is to make them proof against cheating (for spammers/attackers who writes moin-specific attack code)



  • the problem is kind of a "replay attack" - if the spammer broke one textcha, he might be able to script spamming re-using that one manually broken textcha
  • you'll likely have to use some server secret + random id + crypto to make the textchas tamper-proof
  • you have to discuss your ideas with moin devs before starting to implement
  • then, implement your solution for moin 1.9
  • test it
  • forward port your changes to moin/2.0-dev (there is textcha code also, but it is differently implemented, so just applying a patch won't work)
  • test it in moin2

Deliverables: patches or changesetes for moin/1.9 and moin/2.0-dev



Your code will help moin wiki admins / users world-wide to stay mostly spam-free.


Skill Requirements

See tags. A bit of basic crypto/signing/checking knowledge helps.


Note: unless otherwise noted, tasks usually refer to moin2 (!

You can discuss this issue in the MoinMoin wiki: