MOD Textual Confirmation Rises From Pit of Despair

True Story:

I became so irritated from using phpBB2 Advanced Visual Confirmation, which ended up causing me more trouble than it was worth, that I finally did something about it.

After thinking that I had wrapped a spammer-proof wall of security around my forum, I discovered that spammers were having an easier time decrypting my captcha images than my authorized members were. In fact, I often ended up having to manually register new users who I thought weren’t smart enough to decipher the image that was sitting right there in front of their face. It was only after I tried (and failed) to register one particular user 5 times that the truth hit me:

When it comes to default captcha decoding skills: Computers win, humans lose.

The default phpBB2 captcha is very, very simple. There are no skewed characters, fancy backgrounds, etc. The most basic spambot can plow through this level of protection in milliseconds. Real users stumble.

Here’s how I know…

I’ve collected some good information from you guys and I want to thank everyone who posted. Based upon your input, I recently installed phpBB. I have about 150 users. I’m getting anywhere between 1 and 10 spammer signup attempts per day right now. As part of my experiment, I went into the code of usercp_register.php and added a little mod that logs everyone who attempts to register.

Here’s what I found out…

Although no bot fails to decode the captcha, about 10% of the real users cannot decode the captcha; the most common mistake seems to be entering all lower case when the visual confirmation requires all upper case. I’m inclined to turn off visual verification and probably will soon.

The end result? Captcha continues to be a bad implementation of a good idea. That’s why I created Textual Confirmation.
