OT and FYI: Article on security logons

[RoryOF]

http://www.bbc.co.uk/news/magazine-18367017

[Hagar Delest]

Another recent solution (perhaps more accessible): http://blog.nothingbutsoftware.com/2012 ... ut-captcha and http://areyouahuman.com/demo

[kingfisher]

There are some captchas that require many attempts to get right. I found a novel approach on the Chakra registration page. Unfortunately I forgot to copy the url of that page after logging out but you should be able to see a link to it by loading the bbs page.

I am attaching a snapshot. I was fooled and I'm not a bot.

[TerryE]

Once we require the users to enter their OpenOffice version and check that the response contains "office" and "2." or "3." we have eliminated all generic phpBB registration attack bots. Yes, it is easily susceptible to specific-to-this-forum coded attack, but I very much doubt that any attacker will go to this effort for a single forum with our usage patterns and volumetrics.

So most of our successful registration attacks employ cheap sweat-shop labour. This type of human attach will easily defeat this type of security measure.