Personally I feel that user customisation/randomisation is the only real possible way to go to prevent again this form of attack..
Sure, the waiting users can yell at you instead of me for implementing this feature.
What I proposed earlier was to include a forum within the MOD Development forums that specialised in producing new parts for the captcha system, phpBB is a big enough project that a number of people will jump forward to help and I'm sure that skilled enough people could produce captcha elements, I think that this topic itself shows, what is there, 5 or 6 people who have produced their own captchas? And this is just within this thread..
I would say that this is a step not to be taken lightly, and ultimately it will be down to a compromise, between ultimate security and developmental responsibilities, I mean do you guys want to be blamed for an insecure captcha element that perhaps I wrote, of course not.. But I feel that with the community support this project has that it would be silly not to harness it in some way or form to help with security in this way which requires obvious innovation..
Like I said earlier this would require mediation, but who says a small off shoot of the MOD Team couldn't handle the task?
As for user registration, I will add that there is already systems that can bypass email activation, unless my reading material from a few months back was incorrect, admittedly this would slow regisration attempts down dramatically, but I am guessing, thinking about vague logistics, that within a 10 minute period 500-800 users could still be activated, and who checks their sites every 10 minutes? Not to put a total downer on this, and run the risk of impersonating AnthraX101, I feel that the registration experience is actually vastly improved upon from 2.x, the lack of immediate options is a real godsend from a spam prevention point of view, but it would only take a few more lines of code to login and update the options..
Anyway, enough reading material from me today.. /me goes off to try and work out how match two images literally.. Yawnster