can captcha be hacked??

[corpplus]

hey all,

i have this website www.corpplus.net, i created a wall page where the visitors can write something on site (see http://www.corpplus.net/corpplus-wall), i am putting a Captcha image in the form, but i receive also a spam and some messages which are not a real user like this message :

"side effects of oral typhoid vaccine emsam uk humulin n pen device .... " from "[email protected]", and it's clearly that's not a real user, so how they can do this? Doesn't Captha deny this cases??

please help

[cssfreakie]

yes. pretty much anything can be cracked nothing is 100% secure. But you can make it harder for them.

 

right now i am pretty sure just a simple OCR would suffice to break your captcha http://en.wikipedia.org/wiki/Optical_character_recognition

 

You might want to have a look in the captcha google provides, it's much harder to crack as far as text because their own ocr can't crack it. (they use words from old books if i am correct)

http://www.google.com/recaptcha

 

hope this helps.

 

[gizmola]

Your captcha is really bad.  However even when you have a captcha there are schemes and even people who are paid to manually post spam, if the target is considered important enough.  With that said, you really need a better captcha.  Recaptcha is one solution you should consider.

[redixx]

If you want to use a captcha, use ReCaptcha. It is the best one available, and in my opinion one of the easier ones for humans to actually use.

 

That being said, captchas are not fool proof. They only keep the poor or undetermined spammers away.

[corpplus]

i am trying now to use recaptcha, but i am facing some hard issues, thank you so much

[corpplus]

there are something not clear! in this page : http://code.google.com/apis/recaptcha/docs/verify.html, they said i have to send the private key POST to the URL "http://www.google.com/recaptcha/api/verify", so i have to make an input hidden and set his value to the private key given when i created the recaptcha, but when i create it, they give me :

"

Private Key: ******************************************

Use this when communicating between your server and our server. Be sure to keep it a secret.

"

so how i will fix this? please any one can help me in full steps?

[blacknight]

i run a site we used recaptcha re got 10+ posts a day of teh same bs .. we now use a captcha flash puzzle with 100 dif puzzles each with 5 sizes and dif number of pices making it more hard for them any way ... as for adding recaptia in

"<form name="frm_wall" method="post" action="http://www.google.com/recaptcha/api/verify" id="frm_wall">"

on your wall page add a hidden input bar but more of a better way to to use imbeded functions thatw ay they cannot get the post info see this http://code.google.com/apis/recaptcha/docs/php.html how to make a php function that sends the info a lil more secure

[corpplus]

yesssssssssssssssssss it works now!! finally  please may you test it for me pleassssseeeee?

[gizmola]

I posted a test message and it was accepted, as far as I could see. 

[corpplus]

Yes i see your message and i confirmed it, thank you so much for your assistant, it's highly appreciated.