I'm looking to secure my site a little better against the spam bots. Because recaptcha has been so thoroughly defeated, I currently use custom question/answers. They're answers that anyone who's followed racing, or knows how to google, will get right off the bat, but apparently the spam bots have caught on and added them to their registration answer database so they can get it right off the bat too. Not that I wasn't expecting that, but I don't think I could keep coming up with new racing related question/answer CAPTCHAs every time the bots have figured it out.
The good news is, I've already done a lot of work and research into CAPTCHAs when I made my web based games. I have a couple of candidate PHP-based CAPTCHAs that I'd like to try out and see if that shuts em up for a while.
One of them, I made myself, and while it's not particularly strong as CAPTCHAs go (I've already been told how to break it), it'd be security through obscurity. Someone would have to go out of their way and design something in their spam bot to break it.
The other, perhaps the CAPTCHA equivalent of brute force, is teabag 3d, which draws a wireframe rendition of the text. I've begun to use it exclusively on one of my web games, and it has stopped all CAPTCHA breakers. I don't personally know of a way it can be broken, although I can see where somebody suitably determined could do it, it's just a question of the amount of effort vs. the reward (spamming a medium sized racing forum, or winning a silly old web game).
Where do I start on hooking one of these CAPTCHAs in, in place of recaptcha or the question/answer?
The good news is, I've already done a lot of work and research into CAPTCHAs when I made my web based games. I have a couple of candidate PHP-based CAPTCHAs that I'd like to try out and see if that shuts em up for a while.
One of them, I made myself, and while it's not particularly strong as CAPTCHAs go (I've already been told how to break it), it'd be security through obscurity. Someone would have to go out of their way and design something in their spam bot to break it.
The other, perhaps the CAPTCHA equivalent of brute force, is teabag 3d, which draws a wireframe rendition of the text. I've begun to use it exclusively on one of my web games, and it has stopped all CAPTCHA breakers. I don't personally know of a way it can be broken, although I can see where somebody suitably determined could do it, it's just a question of the amount of effort vs. the reward (spamming a medium sized racing forum, or winning a silly old web game).
Where do I start on hooking one of these CAPTCHAs in, in place of recaptcha or the question/answer?
Last edited:
