It works!

[RobSeegel]

I took a critical look at the registration/captcha mechanism today. The key problem that I can see is that it allows the potential hacker to get multiple tries at solving the same captcha image. I looked in the logs, and saw multiple failures on a few suspicious user names before success if they succeeded. Some would-be hackers (or possible newbies, I suppose) gave up. My guess is as you make the captcha image harder it takes more attempts to get it right.

Ideally, if you have a failure, then that Captcha image should be retired and a new one generated so that multiple attempts cannot be made on a single image. Well, I have the software and it is open source, perhaps I could submit a Patch... First, I need to get it working on my computer.

[brell]

Rob, if you spot a newbie, that has surely hacked himself in, then you are allowed to delete him without any further warning. We have already warned hackers that they will be deleted if spotted.

I myself find everyone with trash usernames, like dslijgfgiphj, and with an email ending with .ru very suspicious.

[RobSeegel]

0313040D0D610 wrote: Rob, if you spot a newbie, that has surely hacked himself in, then you are allowed to delete him without any further warning.  We have already warned hackers that they will be deleted if spotted.

I myself find everyone with trash usernames, like dslijgfgiphj, and with an email ending with .ru very suspicious.

I've already been doing that. I made a sweep of the users and I focused on those users who hadn't been online ever. A few different sorts made it very easy to find suspicious accounts. I think total users had been over 600 before I cleaned house. I agree about the things you find suspicious - I've looking at that. I've also been visiting the error logs and tracking some of the behavior. Pretty interesting - to me, anyway.

Anyway, I followed your posts on this issue in the forums with great interest.