Can anyone recommend a current effective captcha solution?

I have a site with a simple form response. A few months ago I started getting fictitious materials from Russia - 4 or 5 a day. I've tried several solutions to no avail:

  • I added reCaptcha which worked for a few days, then started spamming again (a quick google search showed that reCaptcha was hacked in 2010!).
  • Then I switched to a simple javascript snippet "What is two plus three?" This too was hacked a few days later.
  • Then I switched to SecureImage (PHP image captcha). The next day, more spam.
  • Then I added a Title field to my form and hid it with CSS. My form handler (php script) rejected the form if the title field was filled (presumably by a bot). Spammed.
  • I modified my javascript today to ask different questions. Spam within an hour.

The logs show that the views are coming from different IP addresses each time. Those with whois login are from Russia. Any suggestions how I can handle this? I would rather not do email verification or anything else that might annoy users.


source to share

4 answers

Captchas are speed bumps, not road blocks. They will never be a 100% solution.

There are even web services (with APIs!) Where people solve blobs, for fractions of a percentage.

I've also seen a funny implementation where spammers run the "Send this captcha to view a porn gallery" site. They present your captcha to people looking for nude photos and pass their response to your form.



To be honest, they are getting better and better every day and there is no surefire way to stop SPAM completely. The best solution is to include a little of both of them. reCAPTCHA is good, but when you combine it with a math equation, it can be really good. Also, you want to keep in mind not to create SPAM traps too hard because they can do well to keep spam bots out, but they also do a good job of hiding real users.

Also, if you don't want any client from Russia, or you know you won't have any real business from anyone else, then why not just block Russian IPs?



I don't want to brag because today it will be hacked if I contact it, but I made one that seems to work pretty well. In essence (and I will give you the details) I have a dozen simple photographs of a cat, a dog, a car, an airplane, a bird, etc. - and I display them along with a randomly named form field (something like MD5 (rand (1,10000))). To fill out the form, the user has to write a dog or cat or whatever in the text box.



I came across NuCaptcha on Slashdot, it uses videos instead of images to make them much harder for bots to read, but easy for you and me as it doesn't have to be crazy scrambled. his works pretty well so far, but i agree with ceejayoz. Anyway, just to ditch the tires and see what you think about it.




All Articles