[support] Captcha and spam issues

John Summerfield summer at js.id.au
Sat Jun 8 02:23:33 UTC 2013


On 29/05/13 01:59, Pia Oliver wrote:
> How is this happening? I have been told that robots are not capable
> of deciphering an image but possibly math. That's why I have changed
> every single one to image captchas.

Captcha just requires OCR capabilities; if it's important enough, someone 
will do it.

It also drives legitimate users away. I rarely fill in captchas.

My D-Link wireless router defends itself (from internal users, why? I 
ask) using a captcha. It's validated in JavaScript. I nearly returned it 
for a refund, but first tried making an HTA (on Windows) based on the 
login form and that works fine. So I figure that some captcha might be 
bypassed by anyone who knows what data to post to a form. For example, 
maybe I can configure a webform on testserver.example.com (it exists, 
it's on my LAN) to post the login data to my bank. It's not a lot 
different from what anonymous proxy servers do.

A technique I have seen recommended, but have not tried for myself, is 
to create a field in each protected form that is invisible but a bot 
would complete. It wouldn't bypass humans paid to bypass your antispam 
measures though.

In my particular case, I have a site for people in my area. If you're 
not located in Australia, you cannot register. If you're registered, you 
can log in.
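
The invisible-field technique mentioned in the message above, as an added example that is not part of the original post. It checks the decoy on the server, since a check done only in the browser is skipped by anyone who posts the form data directly. The field name `website` and the function names are assumptions chosen for illustration.

```python
import html
from urllib.parse import parse_qs

HONEYPOT = "website"  # hypothetical decoy name; pick one a form filler would complete


def render_form(action="/register"):
    """Return the form HTML. The decoy is moved off-screen with CSS rather than
    type=hidden, and is kept out of the tab order and away from screen readers."""
    return (
        f'<form method="post" action="{html.escape(action, quote=True)}">\n'
        '  <label>Name <input name="name"></label>\n'
        '  <label>Email <input name="email"></label>\n'
        '  <div style="position:absolute;left:-9999px" aria-hidden="true">\n'
        f'    <label>Leave empty <input name="{HONEYPOT}" tabindex="-1"'
        ' autocomplete="off"></label>\n'
        '  </div>\n'
        '  <button>Register</button>\n'
        '</form>'
    )


def classify(body: str) -> str:
    """Server-side check of a urlencoded POST body.

    accept        decoy present and empty, which is what a browser submits
    decoy-filled  decoy has a value: an automated form filler completed it
    decoy-missing decoy absent: the POST was built without the rendered form
    """
    # parse_qs drops empty fields by default, which would make a normal
    # browser submission look like a hand-built POST.
    fields = parse_qs(body, keep_blank_values=True)
    values = fields.get(HONEYPOT)
    if values is None:
        return "decoy-missing"
    if any(v.strip() for v in values):
        return "decoy-filled"
    return "accept"


# Constructed sample submissions, not captured traffic.
SAMPLES = {
    "browser": "name=Ann&email=ann%40example.com&website=",
    "form-filling bot": "name=x&email=x%40example.com&website=http%3A%2F%2Fspam.example",
    "hand-built POST": "name=x&email=x%40example.com",
}

if __name__ == "__main__":
    for who, body in SAMPLES.items():
        print(f"{who:18} -> {classify(body)}")
```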



