Hey guys, i'm using the customIMGcaptcha at the moment but it seems like bots are still getting through it, I'm also using Xenutilities and the RegFormTimer, but it seems like these aren't preventing bots from coming through....unless these are human-registered bots, what's the best way to keep these bots at bay?
If you use FoolBotHoneyPot you will know if the users that are getting passed your ImageCaptcha are bots or not, for instance you will have stats on each image ...
This is why they integrate well together
If the bots are getting through your Q&A then they aren't written very well.
Have a look at my Q&A on
Partisan Lines and then look at the status update spam I'm getting, and explain that to me. I just deleted a few hundred spams from the last week, but there's loads more in there.
QA or customImageCapthca will all be beaten at some time (regardless of how well written they are). Once a bot user fails the CAPTCHA, the bot user will often go back to some of the sites, and manually answer the CAPTCHA, they then store the answer in a local text file (textcapctha.txt)... this is then shared centrally on database for all bot users to use (so you see, there is no such thing as a well written QA ... all will be beaten eventually, QA alone is like playing a game of Russian Roulette). A QA is a ticking time bomb, but that time bomb has already been lit. QA can work at stopping 100% of bots until the bot user manually store the answers (as long as you don't use QA that can be easily solved with logic, or QA's that have been used before). They work really well, and then all of a sudden they let almost 100% bots through, knowing when this happens is important!
Knowing when to replace these QAs or images is important, so FoolBotHoneyPot Helps you here, it tells you the % of bot users / human user that fail the CAPTCHA:
And for another site here:
On the second site you'll notice 2 things
1) A few humans fail the CAPTCHA (this is because it attracts more users from around the world, which do not all understand the CAPTCHA in English). So, if you do not want to block these users, make sure your CAPTCHA is applicable to your target audience
2) A couple of bots have passed it... this is not abnormal. All this means is that a user has been detected as a bot, gone back and re-attempted it as a human. On re-attempting, their IP had been recently detected as a bot, so although as a human they solve the CAPTCHA, they are detected as a bot (their IP has recently been used for botting), but their bot attempts still fail (it is not uncommon to detect a few bots via human users that have previously been botting... bot users do go back to your site to figure out why they have failed.. this is often when the handful of bot users pass the CAPTHCA)
When you get a high number of bots passing a particular CAPTCHA... this is when you need to change that CAPTCHA
This will happen often with the core QA, XenForo QA has been targeted, so it is easy to store the answers for the CAPTHCA.
However, CustomImgCapthca has not yet been target and it is much harder to store the answer for each image, since there are many thousand versions of an image per question, and the image location is never the same..
So...
1) CustomImgCapthca still stands strong at stopping bots, but like QA, you may need to change it (unlike QA, if you use FBHP you will know exactly when this happens)
2) FoolBotHoneyBot can back up your data and tell you exactly when you need to change your CAPTCHA (and still stop 100% of bots even if your CustomImgCapthca is broken)
3) If your CAPTHCA is still strong against bots, yet you still have spammers, it sounds like your spam users are human spammers ... have you tried a) StopCountrySpam (if applicable) b) StopHumanSpam
All of these are available to try as Free addons in the TAC Pack:
Free version:
http://xenforo.com/community/resources/tac-tenants-anti-spam-collection-anti-spam-free-version.1474/
Paid version:
http://xenforo.com/community/resour...ollection-anti-spam-complete-collection.1469/
FoolBotHoneyPot currently stop 100% of bots, confirms results with CustomImgCaptcha, can be used with AnyApi... try it from the free pack to see what is happening, if these are human spammers, then you might find that your CustomImgCaptcha is still working fine at preventing bots, so you need to concentrate on human spammers (StopHumanSpam and StopCountrySpam are also available in the TAC packs above)
All I can do is create plugins that stop 100% of bots, or prevent human spam.. it is up to you to
1) Try them (for spam, they are all available to try for free)
2) Figure out what the results mean / read the documentations... The documentation does tell you that it is a good idea to use FBHP and CIC together (since they work hand in hand)