there is anecdotal evidence that in recent months, the problem seem to become worse and worse.
it is pretty clear that the phpbb 2 visual confirmation have been cracked for some time now, (although i dont know of any pulically available crack).
phpbb team's response have been to create a whole new captcha system.
this approach has some problems of its own, mainly the fact that many times the captcha image is not easily deciphered by humans.
the way i see it, though, is that captcha in itself can not be consided to be a satisfying solution.
there are several reasons why i make this claim. first, ocr technology improves, and the gap between automates' ability to decipher the captch and human's ability is constantly closing. sooner or later, any captcha image that will fail the automates, will also fail most humans.
second, spammers can always employ humans to decipher the captcha. this can be done either by using a sweatshop style "crackers" that charge 5 to 12 cents per crack, or by using unwilling an unwitting volunteers
( this last mode is an interesting story, so i will outline it here:
the spammer sets up a porn site, with some free stuff. in order to see the free stuff, you have to solve a captcha. when a new user get to this point, a bot create a registration on the target site, and tunnels the image to the porn-site user, which become your unwilling volunteer. after they solve a number of captchas, the operator either "throws them a bone" and let them see paris hilton shagging a horse or something, or not. it really doesnt matter at this point)
so what do i suggest?
i dont say we dont want or dont need the captcha. what i say is that captcha in itself will not be able to block spammers, and we will have larger and larger problem with spamming.
i suggest to reduce the attraction our bbs has for spammers, by attaching a rel='nofollow' to every user-supplied link, either in posts, signature, or profile.
the rel='nofollow' thing tells search-engines to ignore the link in as much as site rating is concerned. this will eliminate the main motivation for spamming our boards.
this can not be done individually, or by a MOD: the spammers do not know, and do not bother to find out, which boards will have the MOD and which will not.
it will only work if this is the setting in the core product. moreover, it will only work if this isnt a configurable thing: it is enough that the spammers will think 5% of the boards do not use this setting, and they will hit us all.
i know that this discussion was conducted more than once, including the suggestion to include the nofollow part. the reasons i bring it on one last time are:
- this seems to be the very last minute where such a thing is still possible and effective. once olympus hits RC, it will be too late: even if the nofollow thing will be added later, the spammers will hit us all hoping to catch an early installation that did not upgrade
- second reason i bring this up again is the anecdotal evidence that spamming is getting to be a very significant and ever increasing problem for bbs operators
