July 5th, 2008, 08:01 PM
A CAPTCHA is only going to be broken if:
1. It's a common kind of CAPTCHA which is installed on so many sites that someone will put the effort into breaking it
2. It's a very high-value target site, such as gmail or yahoo
In practice for most sites, where neither of the above two applies, nobody will bother breaking it.
If your site looks 99% identical to a zillion others, then your CAPTCHA probably will too (unless you make some custom mods) - so it will be able to get broken.
When I've had bot problems I've typically put in some very lame bot-finding stuff such as adding bot-fodder fields (sometimes hidden ones) to a form - with excellent results.
Truly automated attacks (i.e. ones with NO human input at all) don't get past anything that's at all different from what they've been trained on.
By nihil in forum Security News
Last Post: August 11th, 2007, 05:04 PM