To give the background to my question, I use Vanilla Forums for the website I am launching. Vanilla Forums comes with baked-in support for using reCAPTCHA to authenticate new registrations on the website, which I have included. However, recently on my forum I saw a spike in spam registrations (obvious "spam" user names, the same email address, etc.).
I studied this to try to understand how spam bots can pass the reCAPTCHA test. I know that in reCAPTCHA one of the words is known to the system and the other is not; therefore it is possible that the form submission can pass the check even if the wrong word is entered.
So, I tried a couple of things in the registration form on my site, entering the wrong reCAPTCHA inputs. I found that if...
- The number of characters entered for each word is correct.
- The answer entered for GENERAL words is correct EXCEPT for a single character.
... a reCAPTCHA error does not occur.
I also do not think this issue is isolated to Vanilla Forums. Go to the demo page for reCAPTCHA and try it yourself. Enter two words with the correct number of characters, but with the words themselves off by one character, using similar character types (for example, "a" instead of "d", "v" instead of "w").
Is there something wrong with the Vanilla reCAPTCHA implementation, or is this a known issue with reCAPTCHA itself? (You can check the Vanilla registration form here.)
Perhaps related: Has reCAPTCHA been hacked / OCR'd / defeated / broken?