GSoC/GCI Archive
Google Code-in 2010 MoinMoin Wiki

textchas - make them more secure

completed by: rfw

mentors: Alexander Schremmer, ReimarBauer, Thomas Waldmann, Ronny Pfannschmidt

 

Abstract

We have textchas (text captchas) to get rid of spammers. They help a bit as they are, but they are not fully cheating-proof.

Your task is to make them proof against cheating (by spammers/attackers who write moin-specific attack code).

 

Details

  • the problem is kind of a "replay attack" - if the spammer broke one textcha, he might be able to script spamming re-using that one manually broken textcha
  • you'll likely have to use some server secret + random id + crypto to make the textchas tamper-proof
  • you have to discuss your ideas with moin devs before starting to implement
  • then, implement your solution for moin 1.9
  • test it
  • forward port your changes to moin/2.0-dev (there is textcha code also, but it is differently implemented, so just applying a patch won't work)
  • test it in moin2
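One way the "server secret + random id + crypto" idea can stop a replayed textcha is sketched below. This is an added example, not MoinMoin's code or the submitted solution. The names `SERVER_SECRET`, `MAX_AGE`, `issue` and `verify`, the field layout and the in-memory id store are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_SECRET = secrets.token_bytes(32)  # assumption: per-wiki secret, never sent to clients
MAX_AGE = 600        # constructed value: seconds an issued textcha stays valid
_used_ids = set()    # assumption: in-memory; a real wiki needs shared, expiring storage


def _sign(question, rand_id, issued):
    # Bind question, random id and issue time together under the server secret.
    msg = "\x00".join([question, rand_id, str(issued)]).encode("utf-8")
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue(question, now=None):
    """Build the hidden form fields that accompany one textcha question."""
    issued = int(time.time() if now is None else now)
    rand_id = secrets.token_hex(16)
    return {"question": question, "id": rand_id, "issued": issued,
            "sig": _sign(question, rand_id, issued)}


def verify(fields, answer, answers, now=None):
    """Accept an answer only for an untampered, fresh, not yet used textcha."""
    now = time.time() if now is None else now
    try:
        question, rand_id = str(fields["question"]), str(fields["id"])
        issued, sig = int(fields["issued"]), str(fields["sig"])
    except (KeyError, TypeError, ValueError):
        return False
    expected = _sign(question, rand_id, issued)
    if not hmac.compare_digest(expected.encode("utf-8"), sig.encode("utf-8")):
        return False          # question, id or timestamp was altered
    if not 0 <= now - issued <= MAX_AGE:
        return False          # too old to accept
    if rand_id in _used_ids:
        return False          # replay of an id that was already submitted
    _used_ids.add(rand_id)    # one guess per issued id, right or wrong
    correct = answers.get(question)
    return correct is not None and answer.strip().lower() == correct.lower()
```

Because the id is consumed on the first validly signed submission, a manually solved textcha cannot be scripted into repeated posts; the remaining work in a real deployment is persisting and expiring the used-id set across processes.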

Deliverables: patches or changesets for moin/1.9 and moin/2.0-dev

 

Benefits

Your code will help moin wiki admins / users world-wide to stay mostly spam-free.

 

Skill Requirements

See tags. A bit of basic crypto/signing/checking knowledge helps.

 

Note: unless otherwise noted, tasks usually refer to moin2 (http://moinmo.in/MoinMoin2.0)!

You can discuss this issue in the MoinMoin wiki: http://moinmo.in/EasyToDo/textchas%20-%20make%20them%20more%20secure