Improve wiki login security
@mcatanzaro
Submitted by Michael Catanzaro
Assigned to Wiki maintainers
Link to original bug (#793433)
Description
We received a complaint regarding wiki.gnome.org:
You do not do email verification before creating the account. I can therefore block out email addresses that do not belong to me. You should see an account for test@testhack.com. I do not own that email address and it does not exist.
Your captcha verification is pretty basic and asks me to fill in information into the footer. I assume you have limited number of these and could easily be checked by the hint on the page and filled in automatically.
I'm skeptical that these measures would actually reduce spam, but it couldn't hurt.
Also:
Ok, so I did a quick test and it seems you only have TWO captcha questions. Which is easy to automate by checking the page loaded.
Also, when I tried to reset my password... twice... the token did not work and I was loading the link immediately after receiving it.
Version: current