Captcha is failing! Is there another way

We installed a forum for Summer of Code . Unfortunately, we been receiving a constant stream of fake registration advertising chinese and russian porn sites. 🙁  I would if we’re been hit by beating captcha by using porn.

We’re using phpbb and its been great, I suppose we’re suffering from its popularity. We’ve had to turn more security which mean every registration has to be manually approved.  The interface in phpbb is not that to deal with bulk spam.

Is there a better way, or are we going to succumb to 3rd world spammers????

10 Responses to “Captcha is failing! Is there another way”

  1. Glen Barnes Says:

    What type of CAPTCHA are you using? I was wondering if you have tried the RE-CAPTCHA as I wanted to see if this was any better (digitise books AND hopefully stop SPAM).

  2. kirill volkov Says:

    Have you seen this article (Has CAPTCHA Been “Broken”?):
    It gives good comparison of different captchas.

  3. john Says:

    We’re using the defualt captcha as installed by phpBB. I’m note sure if we can overload it with something else.

  4. Stephen Judd Says:

    This may be useful to you:

    Basically, some captchas simply suck and are susceptible to automated OCR – others don’t and aren’t.

    FWIW, other strategies include:
    – multiple forms hidden by Javascript/CSS (don’t allow users that post to the hidden form)
    – change default variable names
    – charge default posting URLs
    – add extra steps, eg mandatory preview
    – queue the first comment from a new user for moderation

    There’s no solution that doesn’t involve customisation – automated attackers focus their efforts on “out of the box” configurations.

  5. Stephen Judd Says:

    Another angle: just set up a Google Group, and let them deal with it…

  6. M Freitas Says:

    In addition to hidden form (which should be discarded if filled because humans wouldn’t do it), try doing a different thing: people should enter their email addresses requesting to join… Send an encoded URL containing the email address. Whe the actual registration comes in check that the e-mail used matches the one in the encoded URL. This is what I do on Geekzone and simply reduces spammers a lot…

  7. john Says:

    Hmmm Google groups is sounding appealing…

    I installed a more advanced captcha and hopefully that will offset the default actions to stop the scripts from doing their thing…

  8. Shoaib Says:

    iptables ftw!

  9. john Says:

    Iptables is too much work. I’ve done that before to stop spammers hammering my box. Regarded too much work.

    We have a email validation, its still not stopping registrations.

    The new captcha seems to be working as I’ve had no spam registrations since. fingers crossed.


  10. Shoaib Says:


    that should cover pretty much all of new zealand 🙂

Leave a Reply