URL to your eFiction: http://www.thealphagate.com/
Version of eFiction: 3.5.1
Have you bridged eFiction, if so with what?: N/A
Version of PHP: 5.2.6
Version of MySQL: 5.0.16
Have you searched for your problem: Yes
If so, what terms did you try: CAPTCHA, Spam
State the nature of your problem: Spammers are registering in spite of CAPTCHA being on.
Do you have a test account for us? No
Every few weeks a spammer manages to register even though we have CAPTCHA enabled. They they post hundreds of spam reviews in a very short time. (We have anonymous reviews turned off).
I want to make it harder for the spammers to register. I will add more fonts, but one thing I noticed is that the CAPTCHA box only every shows digits, not letters. Is that how it's intended to work? Is there any way I can enable letters as well as numbers to make it a bit harder for the spambots to find a correct combination? Or, is that not really the problem? Could the spambot registrations be using some other way to get in? The registrations do show up in the action log, so it seems like they come in through the front door.
Anyway, if there's a way I can enable letters and numbers, I'd be willing to try that.
Most webmasters think that captchas are the best way to stop spam, but this is not the case. Captchas might be a good thing as long as they don't block even normal users due to readability issues. And since services like Web Visum for the visually impaired community exists, it's very questionable wether captchas are still as secure as most programmers think. Even spammers could already have such a service and crack captchas automaticly. You could try to increase the difficulty level, but this will also incrrease reading problems of your normal users.
There are some other nice tricks to avoid spammers, such as css hidden input fields (the "honypot") or time based form validation, wich in combination with each other could be a much better spam protection than captchas.
Steffen
Steffen's right. No CAPTCHA is going to stop all spammers. There's likely that no system at all which will stop all spammers. It's too easy to pay someone in India $1 an hour to post them manually. You can only try to catch as many as you can.
Yes, the image is intended to only show numbers. You can change includes/button.php to add letters just make sure you leave out 1,L and i and s and 5 as they're too easy to mistake for one another.
Thanks for the insights and advice. Probably better to monitor new registrations more closely than make it harder for real people to enter the CAPTCHA code.
Michelle
