I can't vouch for this as I haven't tried it, but was posted on mediawiki-l recently:
http://www.fxparlant.net/Category:Mediawiki#Captcha

foenyx wrote:

read also http://www.w3.org/TR/2003/WD-turingtest-20031105/ about «
Inaccessibility of Visually-Oriented Anti-Robot Tests ».

rowan.collins wrote:

(In reply to comment #0)

Somebody has registered about 250+ false usernames to my young wiki, and I fear
that they are gearing up for an attack. It isn't clear if there is a way for me
to find out their IP address, delete the accounts, or mass-block them.

With an administrator login, you can block IPs and/or users by using the page
[[Special:Blockip]] on your wiki. This may require one or more of the variables
listed at
http://meta.wikimedia.org/wiki/Help:Configuration_settings_index#Access to be
set, such as "$wgSysopUserBans = true;", but I couldn't find a relevant help
page this minute.

bugzilla.wikipedia.org wrote:

I will look into adding that to the registration page before I reopen registration.

If a wiki gets hammered before it even has enough users to police it, then
_nobody_ will be able to use it, vision-impared or otherwise. There are audio
captcha options as well.

Obviously, some bot has made these registrations, and there should be some way
to prevent this from happening.

bugzilla.wikipedia.org wrote:

(In reply to comment #3)

With an administrator login, you can block IPs and/or users by using the page
[[Special:Blockip]] on your wiki. This may require one or more of the variables
listed at
http://meta.wikimedia.org/wiki/Help:Configuration_settings_index#Access to be
set, such as "$wgSysopUserBans = true;", but I couldn't find a relevant help
page this minute.

As far as I can tell, there isn't any way to block the accounts without doing it
one at a time. If there were a way to find the IP address of a user one could
block it...

bugzilla.wikipedia.org wrote:

http://folktunes.org/wiki/Special:Listusers
Is this a new vandalbot? It has made the user page useless.

rowan.collins wrote:

(In reply to comment #5)

As far as I can tell, there isn't any way to block the accounts without doing it
one at a time. If there were a way to find the IP address of a user one could
block it...

I think, although I'm not 100% sure, that with "$wgSysopUserBans=true;" any ban
of a user account will also create a fixed-term "autoblock" on the IP[s?] from
which that account has recently connected. Presumably, the duration of such
blocks is what $wgAutoblockExpiry sets.

avarab wrote:

Changed severity from "critical" to "enhancement".

dtaylorma wrote:

I'm in the process of putting a wiki together, and one of my primary
concerns is vandalism and bot spam. If my core pages are frequently
trashed by bots & vandals, I'm sunk.

I'd like to second the request for this feature, preferably
implemented with both images & audio. Ideally, it would have one flag
that would allow administrators to enable CAPTCHA solely for
registration, or enable CAPTCHA for each page edit.

gangleri wrote:

Captcha in other bug reports:
http://bugzilla.wikimedia.org/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&long_desc_type=allwordssubstr&long_desc=Captcha&bug_file_loc_type=allwordssubstr&bug_file_loc=&keywords_type=allwords&keywords=&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&emailassigned_to1=1&emailtype1=substring&email1=&emailassigned_to2=1&emailreporter2=1&emailcc2=1&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0

robchur wrote:

(In reply to comment #10)

Captcha in other bug reports:

http://bugzilla.wikimedia.org/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&long_desc_type=allwordssubstr&long_desc=Captcha&bug_file_loc_type=allwordssubstr&bug_file_loc=&keywords_type=allwords&keywords=&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&emailassigned_to1=1&emailtype1=substring&email1=&emailassigned_to2=1&emailreporter2=1&emailcc2=1&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0

TinyURL is your friend. Also, why dump all this stuff on us? We do know how to
search for it, if we wanted to. I'll bet 60% of those bug reports don't relate
to this one.

A captcha plugin is currently in production testing on some Wikimedia sites.

gangleri wrote:

(In reply to comment #12)

A captcha plugin is currently in production testing on some Wikimedia sites.

http://th.wikibooks.org/w/index.php?title=special:Userlogin&type=signup

Thanks Brion!

webmaster wrote:

Can I ask for some details on how the Thai Wikibooks implemented this plugin?

Could this be released as an more 'official' extension? I would think with the
proliferation
and intelligence of some of the newer spam-bots, this would be an extension that
a lot of
sites would want to implement. Our projects included...

I know this is asking a lot, but it might even make sense to bring into the
core. A great
deal of sites are using some sort of anti-bot tactics. (Wikis, Bulletin-boards,
blogs, etc.)

robchur wrote:

See the ConfirmEdit extension and the FancyCaptcha plugin in CVS. Requires
MediaWiki 1.6 for some of the hooks.

webmaster wrote:

Ahh very cool. Thank you.
Is that python script by Neil necessary as well I assume?

robchur wrote:

Yes, it's what generates the captcha images.

robchur wrote:

Closing as FIXED, since a working captcha extension is now available.