Unfortunately, all forms of "
captcha" - solving math problems, reading distorted words, whatever - can be defeated by bots, sometimes with
very clever methods.
One way to defeat any machine-unreadable captcha: Funnel the captcha question, as seen by the bot, to another website, where a human answers it, not knowing they are helping a bot.
For example, a pornography site that displays a captcha every few images or videos to supposedly "make sure you're not a bot". A real person, wanting to view the pornography, answers the captcha. The pornography site actually received the captcha question from one of its bots that encountered the captcha when registering for a forum that it wanted to spam. The bot sends the captcha question to the pornography site. The site automatically registers that there is a new captcha to answer in the captcha queue. The site displays the captcha to, say, five different visitors. The visitors answer the captcha. The site picks the mode from the answer pool, and sends it back to the bot. The bot enters the captcha and proceeds, spamming another forum with links to the pornography site, or to download malware that will infect more PCs and allow them to be remotely controlled and used as more bots.
That's not to say they shouldn't be used however. The most effective way to prevent forum spam is to have multiple layers of security. Several different captchas, both for registering, and for the first few posts of a new user. Multiple types of captchas too, often more than one type for things like registering for accounts. Another layer: automated content review - a program scans new content that is about to be posted to see if the structure of the content matches typical spam content. Mollom and Akismet are examples of this. Another layer: checking the email addresses, IP addresses, and user names against a database of those used by spammers, such as stopforumspam.com.
Bookmarks