When we resolved https://phabricator.wikimedia.org/T322665, we realized there was a lot of spam accounts being created on Wiki's even with a Captcha in place and an up-to-date MW version.
We've seen reports of close to 2k spam accounts created per Wiki per month (see comments). This is big overhead for the Wikibase admins to manage their Wikibase and community with legitimate account requests.
Helpful context around the Captcha: https://www.google.com/recaptcha/admin/site/577576057
Perhaps adding oil to the flame: T301243
Question we want to answer: Are people creating these spam accounts able to go around the Captcha somehow (is the Captcha not working?) or is this done manually and if so, how do we stop it from happening?
AC:
- Stress test the Captcha
- Check during a random timeframe (occurs any day) how many legitimate vs. spam accounts were created
- Define a way to prevent the spam accounts from getting through