Hi - I'm getter spam left on my forum but I'm concerned that they are registering with an IP address that I have just used when viewing the site - I have a random ip - how do they do that ie choose their ip and why mine?
Both QA and ReCaptcha have been solve for quite a while
ReCaptcha has be solved by training against the image sets, QA has been solved by bot users answering the questions and those answers being shared with a central db (XRumer competitions)
If you like Captcha (I'm not a huge fan of them myself, making people jump through hoops isn't always great for % sign ups)
... I do suggest, if you use CAPTCHA, use custom images (take a picture of something in your bedroom and add a question to it) ... this is always unique and hard to solve. But there are plenty of CAPTCHA that are still working (since they are uncommon so not yet targeted, use custom images or have only just started to be targeted)
Bot users (mostly XRumer users) go back and look at where they have failed, they then answer your questions... these questions are then shared with thousands of others
Then all bot users can automate registration on your site
With QA, it is only a matter of time until a bot user decides to answer your questions.. when this happens, you get a flood of bots
You can change your QA questions regularly, but you will always be playing a game or Russian Roulette when you use QA alone, you never know when the bot users are about to manually solve you questions and have them shared
These are bots you're dealing with. Most automated bots can solve questions like this because they can analyze simple text such as 10+15 and work out the answer might be 25. That's without any human intervention too.
Spam is a big problem and it needs big tools to solve it.