TOPIC: [Website] Spambots & You

• Ingame Name: Xalius
• Which server is this suggestion for?: Not a server, but your website.
• What would you like to add?: Google Recaptcha instead of Areyouhuman spambot countermeasure.
• How would it benefit the server/why do you want to add this?: Improve the website performance and completely shut out spambots.
• Would it be exploitable, and if, how could we make it non-exploitable?: Google Recaptha is a very solid spambot countermeasure, I would daresay it's almost flawless. If anything additional could be done to improve the registration system I'd say you should check if the registration code validates user input using client-side elements (JavaScript, jQuery etc.) or server side-elements (PHP)

Additional notes:

As I mentioned in my introduction post I am a graduated web-developer, while I was by far not the best in my class it's still a subject I am very interested in and become better at, so the temptation to explore flaws and weaknesses in websites is almost impossible for me to resist. Back when I was still an aspiring web developer, finding these flaws was something we did for sport on a regular basis to each other in my class and it has been proven to be a very useful trait to keep up to date - to find and fix potential flaws on a website.

To bring myself back to the topic of this thread, I recently came across the list of users on this forum and decided to see who was registered. To my surprise I found out that the list of users was literally flooded with spambot accounts - each created in a matter of a few minute's interval.
While I am aware these registrations are about a year old, it's still something that happens very regularly on this website (note the join date and last online dates - often the work of spambot generators).

So what can be done about this?
If anyone else in this community is a web based programmer or know a thing or two about the subject, you and I both know and can agree that fighting spambots is a fight that is still being tirelessly fought to this day and many features and implementations have been added over the years to fight this menace; while some methods work, some may not always and in this case it would seem your spambot countermeasure from areyouahuman.com is not doing an optimal job.
By simply using a Google Chrome extension such as Web Developer, you can disable essential website resources such as plugins and JavaScript functions.

I am an avid user of the Web Developer extension and by disabling the resources I mentioned I was able to trick the registration system on Zarpgaming.com (I hope you aren't going to be mad at me, only made one account to see if I was right) and avoid the spambot countermeasure - rendering areyouhuman spam checker completely useless.
While it is always possible to disable JavaScript elements from a website, spambot countermeasure systems shouldn't depend on these kinds of elements to keep its most essential mechanics intact and that is what I am suspecting your current spambot system is.

To sum everything up, I would wholeheartedly recommend that you switch over to Google's ReCaptcha spamchecker. I can tell from personal experience, it has never let me down and it does a very solid job in keeping the most annoying spambots at bay from your website.
You should also consider making users validate their newly registered accounts with a link sent to their email they associated the account with upon registering - a second layer of security that renders an account useless unless it's validated by the user themselves.

I hope you found my suggestion to improve your website's security functions useful and if you need any help or have any questions, I'll be glad to help and again, I am very sorry to have created a useless account to verify my theory - I hope you can forgive me for that.

Any additional information either to add what I've already written or to correct me on certain parts are more than welcome!

I believe it's safe to say you just raised the bar above the fkin' ozone for suggestions.

If there are ways around our current human verification then it completely defeats the element, I'll push this to Chute.

Again:

Thank you very much for the kind words, I am happy I was able to help.

Hi Xalius,

Thanks for your post. The team has taken your comments onboard. We wanted to let you know that we recently upgraded our site to a newer platform and that the issue regarding spambot registrations has now been resolved. We hope you will take Are You A Human's verification system another look because thousands of small and large sites alike are implementing their system because its proven to be quicker, more secure and effective than Google's reCaptcha.

Chuteuk

Hi Chuteuk,

Took another go at your registration system and I was unable to duplicate my last workaround, so it is indeed fixed!