Reducing spam

Note: This is an old post in a blog with a lot of posts. The world has changed, technologies have changed, and I've changed. It's likely this is out of date and not representative. Let me know if you think this is something that needs updating.

We (PCF) have a MediaWiki instance that we use for a variety of PCF projects. Since we set it up, we've been plagued with spam. The spam is always exactly the same kind of thing: an account is created, an image is uploaded, a new page is created with the image and a link to some crap url.



Over the last month, Asheesh and I fiddled with MediaWiki configuration trying to strike a good balance between maximizing hassle-free contributions and minimizing spam. This most recent round was Asheesh's idea and it seems to be successful. Thus I'm documenting it here.

We installed the ConfirmEdit extension for MediaWiki. That gives us an additional addurl permission that MediaWiki doesn't have. I set this addurl permission to require a captcha and then I wrote my EmailConfirmedNonCaptcha captcha plugin for the ConfirmEdit extension.

The gist of the EmailConfirmedNonCaptcha plugin is that it always rejects the change with a nice message if the user isn't in the emailconfirmed group. That's it.

Now we have new user accounts created, but the accounts can't do anything because they're not made by humans and they're not confirming their email addresses. Thus this particular spam vector is dead in its tracks without hassling potential contributors.



I posted a "project page" with the code for the extension at But that disappeared when I left PCF. I moved the project over to on GitHub.


4/25/2011: Asheesh suggested I add some before and after screenshots.

4/25/2011 later: Correcting a totally silly thing I did by not mentioning that I worked with Asheesh on this. It was totally his idea. I just wrote it.

1/17/2012: I moved the project to GitHub and updated the urls in this blog entry to reflect that.

Want to comment? Send an email to willkg at bluesock dot org. Include the url for the blog entry in your comment so I have some context as to what you're talking about.