Captcha Question

sophie1204

I manually approve all new users before they're allowed to post on my site, and just noticed that some have been using CaptchaDecorder or CaptchaBypass or something like that to get by my question and answer Captcha. Is there any way to prevent this? Would I be better off using Recaptcha? Any thoughts on improving security? Thanks.
 
It's a game of cat and mouse for those who follow suit and do as everyone else.

CAPTCHAs that everyone uses will always be broken (Xrumer can get past most common CAPTCHA); customised CAPTCHAs work so much better. This is the big advantage of QA: it's custom. The negative side of QA is that often the questions can be easily solved with logic, or a hit list of answers can be queried (the bot can extract the question easily, and retrieve a set of answers from Google).

I've been told that KeyCAPTCHA works, but this won't last forever. As soon as it becomes worth targeting, it will be broken.

However, if you make customisations to your registration page, it becomes so much harder to target (the bots are designed to register on lots of similar registration pages, and have been trained against common CAPTCHA, as soon as you customise your registration page, you throw a spanner into the works for the poor bots)

CustomImgCaptcha is free and an easy way to customise your own CAPTCHA set

Also, take a look at this: how I stopped spam bot registrations


I would use a range of bot prevention techniques (have at least one as your back up for when the other fails)... but then I'm paranoid ;)
 
I manually approve all new users before they're allowed to post on my site, and just noticed that some have been using CaptchaDecorder or CaptchaBypass or something like that to get by my question and answer Captcha. Is there any way to prevent this? Would I be better off using Recaptcha? Any thoughts on improving security? Thanks.
Recaptcha is broken beyond repair. As it is now, it is easier for bots to pass it than for humans. Try to go for a less popular plugin, the popular ones get the most attention from the guys developing bots. I use Are you a human, and am pretty satisfied so far. Q&A could work, major reason I don't use that is because you have to cycle your question every few months, and after a while you will really start to struggle to find questions most people find easy to answer.
 
Q&A could work, major reason I don't use that is because you have to cycle your question every few months, and after a while you will really start to struggle to find questions most people find easy to answer.

I agree, not only do you have to find questions that are easy for humans to answer, you need to look for questions that aren't simple to solve (such as simple maths questions 1+1, or simple logic ... first letter of "myWord") and questions that are not easy to query the answer to (which is quite hard with an almost limitless supply of QAs from search engines)
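Added example, not code from anyone in this thread: a small audit a forum admin could run over their own Q&A CAPTCHA questions to flag the two weak kinds named above (simple maths, and first/last letter of a word). The sample questions and function names are constructed for illustration; whether an answer can be looked up in a search engine cannot be checked offline and is not covered.

```python
import ast
import operator
import re

# Constructed sample questions, not taken from any real forum.
SAMPLE_QUESTIONS = [
    "What is 1+1?",
    'What is the first letter of "myWord"?',
    "What is 7 x 6",
    "Which board on this forum covers engine rebuilds?",
]

_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}
_ARITH = re.compile(r"\d+(?:\s*[-+*x]\s*\d+)+")
_LETTER = re.compile(r"\b(first|last) letter (?:of|in)\s+[\"']?(\w+)", re.I)


def _eval(node):
    """Evaluate a parsed integer expression using only +, - and *."""
    if isinstance(node, ast.Constant) and isinstance(node.value, int):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        return _OPS[type(node.op)](_eval(node.left), _eval(node.right))
    raise ValueError("unsupported expression")


def audit_question(question):
    """Return (reason, machine_answer) if trivially solvable, else None."""
    m = _LETTER.search(question)
    if m:
        word = m.group(2)
        return ("letter-of-word", word[0] if m.group(1).lower() == "first" else word[-1])
    m = _ARITH.search(question)
    if m:
        expr = m.group(0).replace("x", "*")
        try:
            return ("arithmetic", str(_eval(ast.parse(expr, mode="eval").body)))
        except (ValueError, SyntaxError):
            return None
    return None


def audit(questions):
    """Map each weak question to why it is weak; strong ones are omitted."""
    return {q: r for q in questions if (r := audit_question(q)) is not None}


if __name__ == "__main__":
    for q, (reason, answer) in audit(SAMPLE_QUESTIONS).items():
        print(f"WEAK ({reason}, answer={answer!r}): {q}")
```

A question that passes this audit is not necessarily strong; it only means the answer is not derivable from the question text by these two patterns.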
 