Captchas are randomly selected from storage when MediaWiki decides to serve them to users. Memcached is heavily used to cache the directory listings of captchas (there are several subdirectores based on hashes). To generate a new batch, the captchas must first be created by a python script in a temp directory and then copied into storage. Each captchas is just two English words concatenate together and stored in a png file. The file names contain information about the solution (though they are salted with a secret key) and thus listings of captchas in storage should be disabled for un-authenticated reads (e.g. end users).
Captchas should be made with a blacklist to avoid some of the more common offensive (though sometimes amusing) word combinations. They should also be readable (at least by CAPTCHA standards), so FreeMonoBoldOblique.ttf is a good font choice.
Making new CAPTCHAs
To create enough new captchas so that the rough total is, say, 10000, run the following command (on mwmaint1002):
mwscript extensions/ConfirmEdit/maintenance/GenerateFancyCaptchas.php aawiki --wordlist=/etc/fancycaptcha/words --font=/usr/share/fonts/truetype/freefont/FreeMonoBoldOblique.ttf --blacklist=/etc/fancycaptcha/badwords --fill=10000 --verbose
- Enable $wgCaptchaDeleteOnSolve (phab:T150049) now captchas are regenerated by cron?