Jun 16 2011
CAPTCHA images have become a common way to fight the plague of spammers that is out there attacking our websites every day. You know, those extremely distorted images that are supposed to have some letters hidden in there to prove that you are human.
But there is a problem. CAPTCHA’s do not work. They have two purposes, to keep automated spam bots out, and to let legitimate humans in.
CAPTCHA does not keep spammers out
I currently use re-CAPTCHA (by Google) on my zenorsoft.com forum, where currently there are 1,500 spam messages sitting in the queue waiting to be deleted. (I delete these every couple of weeks when I have the time…)
Eternal Truth Ministry was getting hit with so much spam even with CAPTCHA enabled that I had to add a lot of extra safeguards to prevent the spam. I currently have at least a half dozen wordpress plugins just to fight the spam, and it finally seems to be working. I only get about two or three spam messages a month.
CAPTCHA does not easily let humans in
I have run into several CAPTCHA implementations that are nearly impossible to read. One of the best systems I have seen is re-captcha, or at least used to be. Take a look at these two sets of words that re-captcha gave me to solve.
Are there actually two words in either of those?
We obviously need some way to fight spam (make it a capital offense?), but the current systems of capthca images just does not cut it. Many people have a hard time with it, while for others it is downright impossible.
I did find an interesting and fairly simple captcha solution for phpBB forums that I use for ETM called People Sign. There is an image shown, and then you select the image from a list of six below that most look like it. Then you do it a second time. That is pretty simple, and has seemed to keep the spammers out for the most part (I still have about one spam message per day post on the forum).
But the problem is that nobody expects that to be a captcha. People would rather see the distorted words, because that is what we have gotten used to. I have gotten several support requests on the forum from people who could not register because they did not attempt the People Sign captcha, because they just thought it was an add or something.
So while there are solutions out there that try to solve the traditional captcha problem, since it is unique and unexpected, people ignore it.
Do you have any suggestions for systems that work to keep spam out but let the humans in?