Hi.

I have RC4 installed along with most of the plugins.

My issue is despite the latest captcha plugin being installed I'm still getting about 5 + spambots managing to register on my site.

To my knowlege everything is installed and configured correctly. I'm not necessarily saying its CB thats in error as perhaps theres a hole or module left elsewhere in joomla to blame but I just cant see anything.

Site runs Joomla 1.5 in legacy 1.0 mode.

Any suggestions or help would be greatly appreciated.

I thought mabye security wasnt tight enough, changed security characters to 8, changed the font to one other than the default and boosted character set to some symbols and a-z A-Z but still getting the odd registration, dont know what to check next.

Hi,

know your enemy. CB captcha has no font deformation or other difficulties for automatic captcha detection. So it does not protect against bots very well - 100% detection rate from PWNtcha [1].

[1] caca.zoy.org/wiki/PWNtcha

Hi nant,

I already forgot that source but I recalled there was something some time ago and I found it in my link collection The list of captchas not pwnable by PWNtcha is gives some examples of maybe more secure captchas. But they do not look easy to implement

As you can see in the second part of the wiki, font transformations seem to be a good protection. The downside is that it is not that readable anymore.
What about simple math captchas? e.g. 3 + 4 = ? (also text only browsers / screenreaders may be able to read them). But these are maybe also easy breakable by bots?

@ergohost
You may want to activate the e-mail confirmation option. I use it in combination with captcha and did not have any bot registrations yet. You will see fake or mistyped registrations when the confirmation is pending for some time