
Extension:ConfirmEdit

From DawoumWiki, the free Mathematics self-learning
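This extension comes with MediaWiki 1.18 and later versions, so you do not need to download it again. However, you still need to follow the other instructions provided.

The ConfirmEdit extension uses various CAPTCHA techniques to prevent spambots and other automated tools from editing your wiki, and to foil automated login attempts that try to guess passwords.

ConfirmEdit ships with several techniques/modules for generating CAPTCHAs.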

| Module | Description | Effectiveness at stopping spam |
|---|---|---|
| SimpleCaptcha | Users have to solve a simple math problem. | Low |
| FancyCaptcha | Users have to identify a series of characters displayed in a stylized way. | Low |
| MathCaptcha | Users have to solve a math problem that's displayed as an image. | Low |
| QuestyCaptcha | Users have to answer a question out of a series of questions defined by the administrator(s). | Very high, until cracked |
| ReCaptcha NoCaptcha | Users are presented with a JavaScript-based check of humanity. If the check is failed, a puzzle is presented. | Medium to low |
| hCaptcha | Similar to reCAPTCHA, but is arguably more effective than reCAPTCHA because of its different approach to accessibility-friendly captchas. | Unknown |
| Turnstile | Cloudflare Turnstile. Human actionless (or click the box) bot detector. | Unknown |

Some of these modules require additional setup work:

  • MathCaptcha requires both the presence of TeX and, for versions of MediaWiki after 1.17, the Math extension;
  • FancyCaptcha requires running a preliminary setup script in Python.

Drawbacks

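CAPTCHAs reduce accessibility and inconvenience human users.

They are also not 100% effective against bots, and they do not protect your wiki from spammers who are willing and able to use human labor to get through the CAPTCHAs. You may want to use ConfirmEdit together with other anti-spam features. Whichever solution you use, if you have a publicly editable wiki it is important to keep monitoring the "Recent changes" page.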

Installation

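If you use a MediaWiki version different from the one you specified when downloading via the "Extension distributor", ConfirmEdit may not work.

Download the matching version from the MediaWiki extension download page and extract it into a ConfirmEdit folder inside your wiki's extensions directory.

Alternatively, developers and code contributors should install the extension from Git instead, using: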

cd extensions/
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/ConfirmEdit

Add the following to your MediaWiki configuration file, LocalSettings.php:

wfLoadExtension( 'ConfirmEdit' );

Run the update script, which automatically creates the database tables that this extension needs:

cd /var/www/html/w
php maintenance/run.php ./maintenance/update.php

Enable the type of CAPTCHA that should be used.

Configure it as required.

Go to Special:Version to verify that the extension has been installed successfully.

Vagrant installation

If you use Vagrant, install with vagrant roles enable confirmedit --provision.

CAPTCHA types

ConfirmEdit includes a number of different CAPTCHA types.

QuestyCaptcha

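This module presents a question and the user supplies the answer. You provide the questions in the configuration. This module has proven to provide a strong mechanism against spambots; it should also have the advantage of better accessibility, because textual questions can be read aloud by text-to-speech software, allowing visually impaired users (but not bots) to answer correctly.

Add the following to LocalSettings.php to enable this CAPTCHA, and edit the questions and answers: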

wfLoadExtensions([ 'ConfirmEdit', 'ConfirmEdit/QuestyCaptcha' ]);

// Add your questions to LocalSettings.php using the following format:
$wgCaptchaQuestions = [
	'What is the capital of France?' => 'Paris',
	'What is the capital of Spain' => 'MADRID', // Answers are case-insensitive.
	'What is the name of this wiki?' => $wgSitename, // You can use variables.
	'How many fingers does a hand have?' => [ 5, 'five' ], // A question can have several answers.
];

The extension will pick a question at random from those provided.

The minimum is 1.

  • QuestyCaptcha is case-insensitive. If the answer is "Paris" and the user writes "paris", or the answer is "paris" and the user writes "Paris", it will still work.
  • If the answer contains a special character such as "ó", you can define the answer with "ó" or also without that character. For example, if the answer is "canción", you can use [ 'cancion', 'canción' ] in case the user is lazy (or ignorant) and writes the answer as "cancion".
  • The answer should be guessable by someone interested in your wiki, but not easily by automated programs (answer generators). Ideally, it should not be contained in the text of the question; you can try editing the captcha help messages[1] and provide the solution for the captcha response there.
  • Change the questions if they prove ineffective; this may never happen if your wiki is not specifically targeted.
  • Do not reuse questions that you or others have already used in the past: spambots are known to remember questions and answers forever once they have broken them.
  • You can even dynamically generate questy captchas in the configuration. DO NOT use an exact copy of the dynamic questions from the link. Spammers have cracked them. However, other dynamic questions written in the style of the ones presented there are highly effective.
  • There is a separate extension to ConfirmEdit called QuestyCaptchaEditor which provides an on-wiki special page for managing QuestyCaptcha question+answer(s) pairings. You may wish to consider installing it if it's desirable to reduce sysadmin intervention when it comes to managing the CAPTCHA questions and their answers.
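The two points above about accented answers and dynamically generated questions, combined in one LocalSettings.php fragment. This is an added example, not code from the ConfirmEdit documentation: the helper names, the questions and the word list are constructed for illustration, and the accent folding assumes PHP's intl extension is installed.

```php
// Added example for LocalSettings.php; not part of the ConfirmEdit documentation.
// Helper names, questions and the word list are constructed for illustration.
wfLoadExtensions( [ 'ConfirmEdit', 'ConfirmEdit/QuestyCaptcha' ] );

// Return the answer plus its accent-free spelling,
// e.g. "canción" => [ 'canción', 'cancion' ].
// Assumption: the PHP intl extension (Normalizer class) is available.
function exampleAnswerVariants( string $answer ): array {
	// Decompose "ó" into "o" + combining accent, then drop the combining marks.
	$decomposed = Normalizer::normalize( $answer, Normalizer::FORM_D ) ?: $answer;
	$folded = preg_replace( '/\p{Mn}+/u', '', $decomposed );
	return array_values( array_unique( [ $answer, $folded ] ) );
}

// Build a fresh question on every request, so there is no fixed
// question/answer pair for a spambot to store and replay.
function exampleDynamicQuestion(): array {
	$words = [ 'lantern', 'harbour', 'meadow', 'compass', 'orchard' ]; // all 5+ letters
	$ordinals = [ 'first', 'second', 'third', 'fourth', 'fifth' ];
	$word = $words[ random_int( 0, count( $words ) - 1 ) ];
	$index = random_int( 0, count( $ordinals ) - 1 );
	$question = "Which letter comes {$ordinals[$index]} in the word \"$word\"?";
	return [ $question => $word[ $index ] ];
}

// One static question with generated answer variants, plus one dynamic question.
$wgCaptchaQuestions = [
	'Which Spanish word means "song"?' => exampleAnswerVariants( 'canción' ),
] + exampleDynamicQuestion();
```

Following the page's own advice, treat this as a pattern only and write your own wording and word pool rather than deploying a published question unchanged.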

ReCaptcha (NoCaptcha)

ReCaptcha has been cracked by most spambots targeting wikis, mainly due to its accessible captcha alternative.

The new generation of ReCaptcha, called NoCaptcha, was introduced by Google back in December 2014 and reduces the need for humans to solve a CAPTCHA.[2] Based on a user-side JavaScript (which can't be controlled by the user, the administrator), reCaptcha tries to identify the site user as a human by analyzing their browsing behavior on the page. The user then has to click an "I'm not a robot" checkbox and (in the best case) doesn't have to do anything further to prove they're a human. In some cases, the user still has to solve a CAPTCHA image.

ReCaptcha will not work with the Mobile Source Editor and some extensions.

This module implements the new ReCaptcha NoCaptcha solution in ConfirmEdit.

You still need a public and a secret key (which you can retrieve from the ReCaptcha admin panel; choose v2, as v3 does not work), and then install the plugin with:

wfLoadExtensions([ 'ConfirmEdit', 'ConfirmEdit/ReCaptchaNoCaptcha' ]);
$wgReCaptchaSiteKey = 'your public/site key here';
$wgReCaptchaSecretKey = 'your private key here';

There is an additional configuration option for this module, $wgReCaptchaSendRemoteIP (default: false), which, if set to true, sends the IP address of the current user to a Google server while verifying the CAPTCHA. You can improve privacy for your users by keeping this set to false. However, remember that this module adds client-side JavaScript code, loaded directly from a Google server, which can already collect the IP address of the user (combined with other data, too) and cannot be limited by a configuration option. This will only work on the standard MediaWiki editor.

reCAPTCHA v3

Currently, there is no official way to implement version 3 of Google reCAPTCHA.

SimpleCaptcha (calculation)

This type is used by very few wikis, if any, probably because of its limited effectiveness.

This is the default CAPTCHA.

This module provides a simple addition or subtraction question for the user.

Add the following lines to LocalSettings.php in the root of your MediaWiki to enable this CAPTCHA:

$wgCaptchaClass = 'SimpleCaptcha';

Note that the display of a trivial maths problem as plaintext yields a captcha which can be trivially solved by automated means; as of 2012, sites using SimpleCaptcha are receiving significant amounts of spam and many automated registrations of spurious new accounts. Wikis currently using this as the default should therefore migrate to one of the other CAPTCHAs.

FancyCaptcha

This type is used by very few wikis outside WMF, if any, probably because of its limited effectiveness.

This module displays a stylized image of a set of characters.

Pillow must be installed to create the set of images initially, but isn't needed after that (can be installed with pip install Pillow in most environments).

  1. Add the following lines to LocalSettings.php in the root of your MediaWiki installation:
    wfLoadExtensions([ 'ConfirmEdit', 'ConfirmEdit/FancyCaptcha' ]);
    $wgCaptchaClass = 'FancyCaptcha';
  2. In LocalSettings.php, set the variable $wgCaptchaDirectory to the directory where you will store Captcha images. Note: use the absolute directory path, or a path relative to your wiki's installation directory. Below it, set $wgCaptchaSecret to your passphrase.
  3. Create the images by running the following:
    python /path/to/captcha.py --font=<font> --wordlist=<wordlist> --key=<key> --output=<output> --count=<count>
    • where font is a path to some font, for instance AriBlk.TTF.
    • wordlist is a path to some word list, for instance /usr/share/dict/words. (Note: on Debian/Ubuntu, the 'wbritish' and 'wamerican' packages provide such lists. On Fedora, use the 'words' package)
    • key is the exact passphrase you set $wgCaptchaSecret to. Use quotes if necessary.
    • output is the path to where the images should be stored (defined in $wgCaptchaDirectory).
    • count is how many images to generate.
    • An example, assuming you're in the extensions/ConfirmEdit directory (font location from Ubuntu 6.06, probably different on other operating systems):
    python captcha.py --font=/usr/share/fonts/truetype/freefont/FreeSans.ttf --wordlist=/usr/share/dict/words --key=FOO --output=../../../captcha --count=100
    • If you are not satisfied with the results of the words you've generated, you can remove the images and create a new set. Comic_Sans_MS_Bold.ttf seems to generate relatively legible words, and you could also edit the last line of captcha.py to increase the font size from the default of 40.
  4. Put the images you get into the captcha directory in your installation.
  5. Edit your wiki's LocalSettings.php: specify the full path to your captcha directory in $wgCaptchaDirectory, and the secret key you used while generating the captchas in $wgCaptchaSecret.
$wgCaptchaDirectory = "/.php-data/my-wiki.org/wiki/captcha";
$wgCaptchaDirectoryLevels = 0; // Set this to a value greater than zero to break the images into subdirectories
$wgCaptchaSecret = "FOO"; // Same value you used in --key option in captcha.py

See also wikitech:Generating CAPTCHAs for how the Wikimedia Foundation does it.

How to avoid common problems running Python on Windows
  1. Install the most recent version of Pillow.
  2. Install Python into a folder with a short name, like C:\Python\
  3. Create a folder like C:\Ex and place files CAPTCHA.py / FONT.ttf / LIST.txt into the folder.
  4. To execute easily, run the following example as a batch file:
C:\python\python.exe C:\Ex\CAPTCHA.py --font C:\Ex\FONT.ttf --wordlist C:\Ex\LIST.txt --key=YOURPASSWORD --output C:\Ex\ --count=20

MathCaptcha

MediaWiki version: 1.39
This type is used by very few wikis, if any, probably because of its limited effectiveness.
This requires the Math extension to be installed. Also, since this requires the PNG mode of the Math extension, it has not worked since MediaWiki 1.40.

This module generates an image using TeX to ask a basic math question.

Set the following to enable this CAPTCHA:

wfLoadExtensions([ 'ConfirmEdit', 'ConfirmEdit/MathCaptcha' ]);

See the README file in the math folder to install this captcha.

hCaptcha

MediaWiki version: 1.35

See https://www.hcaptcha.com/

The configuration is similar to ReCaptcha:

wfLoadExtensions([ 'ConfirmEdit', 'ConfirmEdit/hCaptcha' ]);
$wgHCaptchaSiteKey = 'your public/site key here';
$wgHCaptchaSecretKey = 'your private key here';

$wgHCaptchaSendRemoteIP is also available.

Turnstile

MediaWiki version: 1.42

The configuration is similar to ReCaptcha or hCaptcha:

wfLoadExtensions([ 'ConfirmEdit', 'ConfirmEdit/Turnstile' ]);
$wgTurnstileSiteKey = 'your public/site key here';
$wgTurnstileSecretKey = 'your private key here';

$wgTurnstileSendRemoteIP is also available.

Configuration

Don't require CAPTCHA from some users

ConfirmEdit introduces a 'skipcaptcha' permission type to $wgGroupPermissions. This lets you set certain groups never to see CAPTCHAs. All of the following can be added to LocalSettings.php.

Defaults from ConfirmEdit.php:

$wgGroupPermissions['*']['skipcaptcha'] = false;
$wgGroupPermissions['user']['skipcaptcha'] = false;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false;
$wgGroupPermissions['bot']['skipcaptcha'] = true; // registered bots
$wgGroupPermissions['sysop']['skipcaptcha'] = true;

To skip captchas for users who confirmed their email, you need to set both:

$wgGroupPermissions['emailconfirmed']['skipcaptcha'] = true;
$wgAllowConfirmedEmail = true;

Set actions that require CAPTCHA

The following conditions can trigger a CAPTCHA to be displayed:

  • 'edit' - triggered on every attempted page save
  • 'create' - triggered on page creation
  • 'sendemail' - triggered when using Special:Emailuser
  • 'addurl' - triggered on a page save that would add one or more URLs to the page
  • 'createaccount' - triggered on creation of a new account
  • 'badlogin' - triggered after several failed login attempts from the same IP address
  • 'badloginperuser' - triggered after several failed login attempts using the same username

The default values for these are:

$wgCaptchaTriggers['edit'] = false;
$wgCaptchaTriggers['create'] = false;
$wgCaptchaTriggers['sendemail'] = false;
$wgCaptchaTriggers['addurl'] = true;
$wgCaptchaTriggers['createaccount'] = true;
$wgCaptchaTriggers['badlogin'] = true;
$wgCaptchaTriggers['badloginperuser'] = true;

The triggers edit, create and addurl can be configured per namespace using the $wgCaptchaTriggersOnNamespace setting. If there is no $wgCaptchaTriggersOnNamespace for the current namespace, the normal $wgCaptchaTriggers apply. So suppose that in addition to the above $wgCaptchaTriggers defaults we configure the following:

$wgCaptchaTriggersOnNamespace[NS_TALK]['addurl'] = false;
$wgCaptchaTriggersOnNamespace[NS_PROJECT]['edit'] = true;

Then the CAPTCHA will not trigger when adding URLs to a talk page, but on the other hand users will need to solve a CAPTCHA any time they try to edit a page in the project namespace, even if they aren't adding a link.

URL and IP whitelists

It is possible to define a whitelist of known good sites for which the CAPTCHA should not kick in when the 'addurl' action is triggered.

Sysop users can edit the system message page called MediaWiki:Captcha-addurl-whitelist.

The expected format is a set of regexes, one per line.

Comments can be added with # prefix.

You can see an example of this usage on OpenStreetMap.

This set of whitelist regexes can also be defined using the $wgCaptchaWhitelist config variable in LocalSettings.php, to keep the value(s) a secret.

Some other variables you can add to LocalSettings.php:

  • $wgCaptchaWhitelistIP - List of IP ranges to allow to skip the CAPTCHA (you can also use MediaWiki:Captcha-ip-whitelist; see below for details).
  • $wgAllowConfirmedEmail - Allow users who have confirmed their e-mail addresses to post URL links.

These are described more thoroughly in the code comments.

The whitelisted IP addresses and IP ranges can be changed on the wiki by editing MediaWiki:Captcha-ip-whitelist.

They should be separated by newlines.

If any other character (apart from a valid IP address or range) is found on a line, it will be ignored, but leading and trailing whitespace characters are allowed.

For example, a line with only 127.0.0.1 is considered valid but #127.0.0.1 will be ignored.
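An offline check for the text of MediaWiki:Captcha-ip-whitelist, modelling the rule described above so that silently ignored lines can be spotted before saving. This is an added example, not ConfirmEdit's own parser: the function names and the sample page text are constructed, and it assumes ranges are written in CIDR notation.

```php
<?php
// Added example: lint the text of MediaWiki:Captcha-ip-whitelist offline.
// Models the documented rule: after trimming whitespace, a line counts only
// if it is nothing but a valid IP address or range; anything else is ignored.
// Assumption: ranges are written in CIDR notation (address/prefix).

function exampleIsIpOrCidr( string $entry ): bool {
	$parts = explode( '/', $entry );
	if ( count( $parts ) > 2 ) {
		return false;
	}
	$isV4 = filter_var( $parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) !== false;
	$isV6 = filter_var( $parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 ) !== false;
	if ( !$isV4 && !$isV6 ) {
		return false;
	}
	if ( count( $parts ) === 1 ) {
		return true; // single address
	}
	// The prefix length must be all digits and fit the address family.
	return ctype_digit( $parts[1] ) && (int)$parts[1] <= ( $isV4 ? 32 : 128 );
}

function exampleLintWhitelist( string $pageText ): array {
	$result = [ 'accepted' => [], 'ignored' => [] ];
	foreach ( explode( "\n", $pageText ) as $number => $line ) {
		$entry = trim( $line ); // leading/trailing whitespace is allowed
		if ( $entry === '' ) {
			continue;
		}
		$bucket = exampleIsIpOrCidr( $entry ) ? 'accepted' : 'ignored';
		$result[$bucket][ $number + 1 ] = $entry;
	}
	return $result;
}

// Constructed sample page text (documentation address ranges).
$sample = <<<TXT
127.0.0.1
  192.0.2.0/24
#127.0.0.1
198.51.100.7 # office gateway
2001:db8::/32
203.0.113.5, 203.0.113.6
TXT;

$report = exampleLintWhitelist( $sample );
foreach ( $report['ignored'] as $lineNo => $text ) {
	echo "line $lineNo ignored: $text\n";
}
echo count( $report['accepted'] ) . " entries accepted\n";
```

The entries with a trailing comment or a comma-separated pair are the ones to watch for: under the rule above they are dropped whole, so the addresses on them are not whitelisted.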

Regular expressions

The global variable $wgCaptchaRegexes accepts an array of regexes to be tested against the page text and triggers the CAPTCHA if a match is found.

Failed login attempts

When using the badlogin or badloginperuser triggers, the following configuration variables control how many failed login attempts per-IP and per-user are allowed before a CAPTCHA is required, and how long it takes until the CAPTCHA requirement expires:

$wgCaptchaBadLoginAttempts = 3;
$wgCaptchaBadLoginExpiration = 300; // 300 seconds = 5 minutes
$wgCaptchaBadLoginPerUserAttempts = 20;
$wgCaptchaBadLoginPerUserExpiration = 600; // 600 seconds = 10 minutes

The triggers require $wgMainCacheType to be set to something other than CACHE_NONE in your LocalSettings.php. If in doubt, the following will always work:

$wgMainCacheType = CACHE_ANYTHING;

Note that these triggers do not trigger CAPTCHAs on API login but block them outright until the CAPTCHA requirement expires.

Wikimedia configuration

For example, Wikimedia Foundation wikis use FancyCaptcha with a custom set of images and the default configuration, modified by what follows.

$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;

This means only unregistered and newly registered users have to pass the CAPTCHA.

EmergencyCaptcha mode

Additionally, the shortcut named $wmgEmergencyCaptcha is designed for use in a limited number of emergencies, for instance, in case of massive vandalism or spam attacks: it changes the default trigger values (see above) into the following:

$wgCaptchaTriggers['edit'] = true; 
$wgCaptchaTriggers['create'] = true;

So, in addition to the normal situation, all anonymous and new users have to solve a CAPTCHA before being able to save an edit or create a new page.

Rate-limiting

ConfirmEdit supports rate limiting of incorrect CAPTCHA answers.

For more information about $wgRateLimits and how to set it up, read Manual:$wgRateLimits. The action key is badcaptcha.
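How the badcaptcha key fits into $wgRateLimits alongside the failed-login triggers, as an added LocalSettings.php example that is not part of the ConfirmEdit documentation. The rate-limit numbers are constructed sample values, not the extension's defaults.

```php
// Added example for LocalSettings.php; the badcaptcha numbers below are
// constructed sample values, not ConfirmEdit defaults.

// The failed-login counters need a working cache (anything but CACHE_NONE).
$wgMainCacheType = CACHE_ANYTHING;

// Require a CAPTCHA after repeated failed logins, per IP and per username.
$wgCaptchaTriggers['badlogin'] = true;
$wgCaptchaTriggers['badloginperuser'] = true;

// Throttle wrong CAPTCHA answers so the CAPTCHA itself cannot be guessed
// at unlimited speed. Each entry is [ attempts, seconds ].
$wgRateLimits['badcaptcha'] = [
	'ip' => [ 10, 60 ],     // per IP address: anonymous users and recent accounts
	'newbie' => [ 10, 60 ], // per account that is not yet autoconfirmed
	'user' => [ 30, 60 ],   // per logged-in account
];
```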

Authors

The basic framework was primarily designed by Brion Vibber, who also wrote the SimpleCaptcha and FancyCaptcha modules.

The MathCaptcha module was written by Rob Church.

The QuestyCaptcha module was written by Benjamin Lees.

Additional maintenance work was done by Yaron Koren.

References

  1. MediaWiki:Questycaptchahelp-text, MediaWiki:Questycaptcha-edit, MediaWiki:Questycaptcha-addurl, MediaWiki:Questycaptcha-create and MediaWiki:Questycaptcha-createaccount.
  2. Google Blog, "Are you a robot? Introducing 'No CAPTCHA reCAPTCHA'" (2014)
