I suppose, in some cases spammers may "decode" the Captcha's back-reference codes (those coming to the image generator via GET method), just building the static database of those codes. If the $secretTuringPass is not changed for a long time, in a week or so, they could completely generate all possible variations of the 5-characters or even less phrase and then use it to automate spam, even if the forum is protected by Captcha.
The basic workaround here is to use $secretTuringPass more often and to a larger number. However not each forum admin / module owner is up to this... Below I have provided instructions on how to boost the security of the Captcha module. Similar codes were used for our customer's forum and by now they appear to work for months.
The tricky side of it is that each new day the script will add a specific character to the end or the beginning of the secret phrase, so each day it will be new. Also, on odd dates, the Captcha will consist of 6 chars, on even dates it will consist of 7 chars.
This may be changed or improved on your end with customized values; the mandatory change is about the $secretTuringPass value - the one we have here is just for example and it should be changed to something more tricky and unknown!
1. Under addon_captcha_options.php, instead of just the plain value of the $secretTuringPass, set this code:
if(date('d') % 2 == 0) $whereToPaste=0; else $whereToPaste=1;
if($whereToPaste==1) $secretTuringPass.=$chr1.$chr2; else $secretTuringPass=$chr1.$chr2.$secretTuringPass;
You may change if($whereToPaste==1) to if($whereToPaste==0) to make it less obvious, you could also swap d / m for $chr1, $chr2 defs.
2. Instead of the plain value of $symbAmount, set this:
$symbAmount=((date('d') % 2 == 0)?6:7);
You may change 6 and/or 7 to other values, or swap them.
3. Let's just not forget that the more characters you have to appear, the more width the Captcha image should have, so set this with a reserve:
I've currently set up similar codes here on miniBB forum, let's see if they will help.
Feel free to report your issues on this.
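Steps 1 and 2 above, wrapped in a function that takes a timestamp so the rotation can be checked for any date. This is an added example, not code from the post or from miniBB: the function name dailyCaptchaSettings, the base secret, and the way $chr1 / $chr2 are derived from the day and month are assumptions, since their definitions are not shown above. The loop counts how many distinct secrets one year of rotation produces, which is worth checking before relying on the scheme.

```php
<?php
// Added example (not miniBB code). The $chr1/$chr2 derivation is an assumption:
// the post only says they are defined from the 'd' and 'm' date values.

function dailyCaptchaSettings(string $baseSecret, int $timestamp): array
{
    $day   = (int) date('d', $timestamp);
    $month = (int) date('m', $timestamp);

    // Assumed mapping: day and month each select one character.
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $chr1 = $alphabet[$day % strlen($alphabet)];
    $chr2 = $alphabet[$month % strlen($alphabet)];

    // Step 1: append on odd days, prepend on even days (as in the post's code).
    $whereToPaste = ($day % 2 == 0) ? 0 : 1;
    $secret = ($whereToPaste == 1)
        ? $baseSecret . $chr1 . $chr2
        : $chr1 . $chr2 . $baseSecret;

    // Step 2: code length alternates with the parity of the day (as in the post's code).
    $symbAmount = ($day % 2 == 0) ? 6 : 7;

    return ['secret' => $secret, 'symbAmount' => $symbAmount];
}

// Constructed input: a placeholder base secret and a fixed start date.
$base  = 'example-placeholder-secret';
$start = mktime(12, 0, 0, 1, 1, 2024);

$seen = [];
for ($i = 0; $i < 366; $i++) {
    $ts = strtotime("+$i days", $start);
    $settings = dailyCaptchaSettings($base, $ts);
    $seen[$settings['secret']] = true;
    if ($i < 4) {
        // Show the first few days so the prepend/append switch is visible.
        printf("%s  secret=%s  symbAmount=%d\n",
            date('Y-m-d', $ts), $settings['secret'], $settings['symbAmount']);
    }
}

// The rotation depends only on day and month, so it repeats every year.
printf("distinct secrets over 366 days: %d\n", count($seen));
```

Because the daily value is derived only from the calendar, it is new each day but repeats a year later, so the base $secretTuringPass still needs to be changed from time to time.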