Category: Spam protection (Anti-bot CAPTCHA)

Spam protection (Anti-bot CAPTCHA)
Show subcategories objects

Name Type
"Prevent automatic/robot registration:" interferes with OpenID
Problem noticed here:

{img src=images/code.png}%%% {CODE()}
I'm trying to log in with my OpenID. I don't have a wiki-translation.com account yet.

After validating my OpenID, I'm taken to a Tiki page that prompts me to create a new account on wiki-translation.com to associate with my OpenID. I enter a username and password, but then get the following error:

Wrong registration code

__Duplicate of {wish id=2204}__
tracker item
[mailto:text|text] doesn't have antispam protection
In 2.0 a new email {img src=pics/icons/email.png } syntax was added in quickatgs

{img src=images/code.png}%%% {CODE()} [mailto:text|text] {CODE}

But this prevents the spam protection code from working
tracker item
12.x: Multiple Delete+BanIp for spam registrations (like the feature coded already for Comments)
tracker item
tracker item
Add anti-spam protection on tracker forms, for anonymous users
When trackers are used for contact forms, they are sometimes spammed.
update by xavidp (Oct 4th 2008): using Tiki 2.1, feb12.css and trackers with mirror tables, an anonymous can insert a tracker item without filling the antibot captcha.
You can test it live on:

All fields are text except for "correu electrònic a moviments.net" which has to be "e-mail"-type.
tracker item
14.0 has got antibot writing permission problem
tracker item
User registration with anti-bot & user tracker for additional information not working
When a new user registered with anti-bot and user tracker for more user information getting error message that registration code is invalid.

Here are steps to reproduce the problem.

1) Setup user information tracker with couple of fields.
2) Go to registration page
3) Enter registration details and click 'register'
4) This will take you to new screen where user tracker information needs to be filled.
5) Once you fill the user tracker information and click 'Save'
6) You will get error message that registration code is invalid
tracker item
articles needs aids to fight spam (e.g. admins see tiki-list_submissions.php at info.tw.o)
I looked today at http://info.tikiwiki.org/tiki-list_submissions.php and there are nearly 300 spam submissions there so far, and no way to delete them in groups. Maybe that's why nobody noticed my prior submission as info.tw.o editor from last month...

(the user need to be in info.tw.o Admin group in order to see the spam list. If your users is just in the info.tw.o_editors group, you'll see nothing but your own submissions if any.)

A text box to select the amount of rows to be listed would be welcome, and multiple checkboxes to select some or all, like with users, etc.

By the way, how can anonymous spammers post submissions to info.tw.o? They can't through http://info.tikiwiki.org/tiki-edit_submission.php (at least, nowadays)... Spam hole somewhere?
tracker item
Add anti-spam protection on contact us, for anonymous users
Spamers are very annoying
tracker item
add antibot captcha for anons to newsletters, calendars and tracker item comments
add antibot captcha for anons to newsletters, calendars and tracker item comments
tracker item
Add CAPTCHA (anti-bot) support to article submission
Need to add CAPTCHA/anti-bot option when allowing anonymous submission of articles (tiki-edit_submission.php)
tracker item
Add CAPTCHA (anti-bot) support to suggest an FAQ feature
When allowing anonymous users to suggest a new FAQ question, need to include a CAPTCHA to eliminate spam.
tracker item
Add IP to syslog and/or action log when anons (at least) add content (for spam protection)
Add ip to syslog and/or action log, so that when anons (at least) are allowed to add content and it's spam (robots seem to be able to post with our current antibot captcha), there is way to identify the ip of the spammer.

So far, antibot captcha is added (in trunk, at least) to:
* wiki edit
* wiki page comments
* forum posts
* tracker item comments
* freetags
* calendar items
* newsletter subscription

The action of adding content on those features should be logged in syslog and/or action log and IP recorded.
tracker item
Anti-bot captcha is ignored and bypassed for tracker items submitted by Anonymous
tracker item
Antibot not working?
tracker item
Blacklist domains and words
Discussion over at ((Spam Protection))

tracker item
Clarify the way people should report Spam / rubbish issues on *.tiki.org
tracker item
Comments: anonymous editors must input anti-bot code:
For wiki pages, we have this option. It would be nice to port to comments so we could open our blogs to anonymous comments without getting spammed.
tracker item
Community Currencies
contact us mail address looks not converted

When I use contact us feature, mail address shows as webmaster(AT)kic(DOT)mine(DOT)nu
Then click send mail, it shows AT DOT DOT <webmasterkicminenu>

I use tikiwiki-1.9.7 on OpenSUSE-10.1, UTF-8 character code.

Please advice or give me a hint.

tracker item
email address -- Tiki-contact
In clean installs of both 1.9.7 and 1.10 I found that the email address entered in Tiki-Admin:General (Sender email)is reflected in Tiki-Contact the format user(AT)address(DOT)com. Example: the doc pages lead to the example at: http://security.tikiwiki.org/tiki-contact.php were the email address is also shown as: "click here to send us an email: security(AT)tikiwiki(DOT)org". All of my email clients parse this to an address of: AT DOT <securitytikiwikiorg>, which obviously does not work. I have viewed my pages on several different Linux and WinXP machines, all with the same results.

If have not gotten far enough in my setup to see if this "problem" surfaces elsewhere.

As I have not seen a bug report, nor other question on this issue I wonder if I am doing something wrong.

Thank you for for this fantastic project!
tracker item
enhancing spam fight and protection: from multiple comments to banning multiple ips with minimum clicks
This improvement in Tiki would be very welcome. After spammers add noise to your site (in one day, 10 comments to different places in your tiki from 10 different ip's!), it would be nice if there was the chance that the tiki admin can ban all those 10 ip's with a minimum number of clicks (besides removing many spam comments at once, which can be done already).

This is some possible way to add if (from the interface point of view):

{img src=img122}

Self explicative?
User selects multiple checkboxes, and clicks on some button below which sends all that information (those ip's from those comments) to fill admin banning data (storing the data already for the 10 ip's at once).
Alternatively, one by one, prefilling the interface one by one.

{img src=img123}
tracker item
Fatal error when using CAPTCHA Questions for comments.
tracker item
SPAM: Make it easier to delete a comment or edit and to ban that user
After deleting spam, we can ((doc:Ban)) users but this should be easier/faster.

Ex.: after deleting a comment or rollbacking a wiki revision, have a link to ban the user.

Or maybe a "ban user" link from tiki-adminusers.php
tracker item
Spam removal: tiki-view_forum.php?forumId=XX needs a select all to delete many threads at once
Comments are good in this respect
tracker item
Provide spammer test for new accounts
Using services like http://www.stopforumspam.com can help to identify and handle spam-related mail addresses trying to create an account.

stopforumspam provides an API to test a mail address against a "known spammer"-list. This could be used to warn an admin before confirming an account.
tracker item
Features Classification
tracker item
LTS: recaptcha 2.0 fatal error: Fatal error: Call to undefined function curl_init() on line 49
tracker item
Migrate @tiki.org off legacy server
tracker item
Wrong feedback to comment poster when Comments Moderation is on and post is not shown
tracker item
Need way to define class for ANTIBOT code
When Tiki adds the antibot code to a form or table, there is no specific class assigned to the TD or TR. Sometime this results in odd UI (because sometimes the table is NORMAL, sometimes FORM, someimtes FORMCOLOR, etc.)
tracker item
new zend recaptcha not displying in trunk when user tracker enabled
We were trying to have the new antibot captcha working in a Tiki site based on Tiki trunk (during TikiFestBarcelona2 - mid July 2010), were a user tracker was set to collect more information from users at registration time.

when we enabled zend new antibot-captcha , no antibot code was shown at registration time, because there seems to be some conflict with the user tracker.
Once the user tracker was disabled, the antibot-captcha was shown properly, etc.

Update: disaled the new zend antibot catpcha, in order to use the former simple captchaimage, but that one is not working either, if user tracker is on.
tracker item
No longer any way to have CAPTCHA for some items, but not others
In earlier Tiki versions, the CAPTCHA for the registration was separate from other anti-bot protection. It was possible to have CAPTCHA protection for some areas (such as comments and trackers) but not other areas (such as registration).

I have several sites that use "Require Admin Approval" and/or passcode options for Registration, so the CAPTCHA is not needed.

In Tiki 6, CAPTCHA was made global -- there is no longer any way to have CAPTCHA support for some items, such as comments, but not other items (such as registration).
tracker item
nofollow on hyperlinks
Please see:
tracker item
OpenID registration does not work with CAPTCHA
When using OpenID + Registration CAPTCHA...
With Tiki 2.2...

I attempted to register using my OpenID:

#On the Login page, I entered my OpenID.
#My OpenID was validated and Tiki shows the page where I can either associate my OpenID with an existing Tiki account, or register as a new user.
#I completed the registration form (including the correct CAPTCHA), but Tiki keeps saying that the Anti-bot code was incorrect.

Additionally, the registration form presented with the OpenID __does not__:
*Display the password minimum requirements (such as number of characters).
*Allow for the selection of groups.

__Duplicate of {wish id=1505}__
tracker item
Recaptcha V2 should be displayed in the same language than the Tiki selected language
tracker item
Registration on tiki.org is a too hard and may kill the site
tracker item
Spam filtering: Bad Behavior or Mollom or Akismet, Defensio or TypePad AntiSpam
Here are some options

See: ((Spam Protection))
tracker item
Spam protection: email is obfuscated in javascript, generate image when no javascript is available
In Tiki 1.10, there is a feature to protect all emails against spam harvesters. Great.

1- Check that this protection is indeed powerful (so spammers can't get around it)

2- Have an option to show an image of the email when javascript is not available.

3- Extend this protection to [tiki-view_tracker_item.php?itemId=1147|the e-mail address in tiki-contact.php]
tracker item
tiki-register.php should not ask for anti-bot number if GD is not working
There should be a note, only visible to tiki_p_admin that the anti-bot code is not currently here because the GD lib is not there.
tracker item
Trackback spam: better protection and easier to cleanup
I noticed today a bunch of trackback spam in my Tiki-powered blog.

According to Wikipedia, "Many blogs have stopped using trackbacks because dealing with spam became too burdensome."

If you get trackback spam in Tiki, here is how to clean:

Using phpmyadmin, go to the table: tiki_blog_posts

And find the colums "trackbacks_to" and "trackbacks_from". They should contain:


instead of the spam.

Now, a more permanent solution to avoiding Trackback spam would be nice. Checking how other blogging software does it should provide some tips.

Some ideas:
0- A way to turn it off (this exists in more recent version of Tiki 1.9.x, see "Trackbacks Pings" in the admin panel)
1- Easier mass deletion
2- Email notification to blog owner
3- Using an online service to check for spam.
tracker item
use of punctuation removes antispam protection
When typing an email address in a wiki page, Tiki can automatically protect the address.

For example: foo@bar.com

But, if you enclose the email address with punctuation, the anti-spam protection is lost.

For example: (foo@bar.com)
tracker item


The following is a list of keywords that should serve as hubs for navigation within the Tiki development and should correspond to documentation keywords.

Each feature in Tiki has a wiki page which regroups all the bugs, requests for enhancements, etc. It is somewhat a form of wiki-based project management. You can also express your interest in a feature by adding it to your profile. You can also try out the Dynamic filter.

Accessibility (WAI & 508)
Articles & Submissions
BigBlueButton audio/video/chat/screensharing
Browser Compatibility
Communication Center
Contacts Address book
Contact us
Content template
Custom Home (and Group Home Page)
Database MySQL - MyISAM
Database MySQL - InnoDB
Date and Time
Debugger Console
Directory (of hyperlinks)
Documentation link from Tiki to doc.tiki.org (Help System)
Draw -superseded by Diagram
Dynamic Content
Dynamic Variable
External Authentication
Featured links
Feeds (RSS)
File Gallery
Friendship Network (Community)
i18n (Multilingual, l10n, Babelfish)
Image Gallery
Inter-User Messages
Kaltura video management
Live Support
Logs (system & action)
Lost edit protection
Meta Tag
Missing features
Visual Mapping
OS independence (Non-Linux, Windows/IIS, Mac, BSD)
Organic Groups (Self-managed Teams)
Performance Speed / Load / Compression / Cache
Revision Approval
Search engine optimization (SEO)
Semantic links
Shopping Cart
Site Identity
Smarty Template
Social Networking
Spam protection (Anti-bot CATPCHA)
Staging and Approval
Syntax Highlighter (Codemirror)
Tell a Friend
Terms and Conditions
Token Access
Toolbar (Quicktags)
User Administration
User Files
User Menu
Webmail and Groupmail
Wiki History, page rename, etc
Wiki plugins extends basic syntax
Wiki syntax text area, parser, etc
Wiki structure (book and table of content)
Workspace and perspectives

Useful Tools