• Hi,

    We have been receiving spam emails from the email option in this particular article alone.

    We have CAPTCHA for emailing the article set up only for not-logged in users.

    So not sure how these spam mails are getting through. Could the CAPTCHA be broken? Or is the spammer logging into WP and then spamming via the email article link?

    How could we add more spam control to the email option?

    Thanks in advance.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Moderator James Huff

    (@macmanx)

    CAPTCHA has been broken for a very long time:

    https://caca.zoy.org/wiki/PWNtcha

    https://halfelf.org/2010/captcha-isnt-accessible/

    The most you can hope to accomplish with a CAPTCHA is to discourage individuals with visual difficulties (and individuals who just don’t want to bother) from interacting with your site. As for the bots, they’ve been solving CAPTCHA with the same software offices use to scan printed documents to text for years.

    Did you get the email option from a plugin, or is it part of your theme?

    Thread Starter wp_query

    (@wp_query)

    Thank you James. The email option is a part of our theme. Do you have any suggestions on how to strengthen this feature to avoid spam?

    Moderator James Huff

    (@macmanx)

    What’s the name of the theme, and where did you get it from?

    Thread Starter wp_query

    (@wp_query)

    Hi James,

    It is a custom theme that we designed for our site. We have this email option for unregistered users only in the posts.

    Moderator James Huff

    (@macmanx)

    Ok, you might want to get in touch with your designers and have them look at some more modern implementations.

    I do recall email sharing buttons being hijacked for spamming a few years back, but lately not so much. It would appear that most have found a better CAPTCHA-less alternative.

    Thread Starter wp_query

    (@wp_query)

    Thank you James. That was useful. We will ask our developers to check too.

    @james and all

    I disagree, because you can put in the new Google version of Recaptcha (the mouse click one) and it is working well for me (the clicky “I’m not a robot” one).

    Like here:
    https://www.google.com/recaptcha/intro/index.html

    To date, it’s the most advanced solution because bots can’t (yet) catch mouse movement.

    Moderator James Huff

    (@macmanx)

    There are some good theories on how bots can break image-matching CAPTCHA (rather than text-based CAPTCHA). Ironically, the theories involve using Google Image Search.

    So far, I haven’t seen any published reports, it’s still a relatively new type of CAPTCHA, but regardless of effectiveness on bots, they’re still practically impossible for visitors with visual difficulties.

    @james

    This is a rather wide and very interesting topic, I guess people at Automattic are on the front-end of that research with Akismet.

    As far as I know, image recognition has made huge progress in the last decade and with php plugins like gd, no wonder how cheap bot spammers can read images. One of the latest recaptcha tricks that everyone saw was to use blurry street address numbers. But apparently they found a crack in it too.

    With this last version of Recaptcha, you’re right, people with visual difficulties might seem to be left off the road, but there HTML 5 comes to help:

    We tested it without any assistive technology for simple keyboard use. Can I use the keyboard to check that checkbox, and can I see the keyboard focus to know where the cursor is? Yes, I can.
    We tested with a couple of screen readers (VoiceOver running on a Mac, Narrator on Windows 8.1, and NVDA on Windows 7). Does the checkbox get announced by the screen reader as a checkbox, even though it clearly is NOT a native checkbox? And does it work properly when checking off the checkbox using the keyboard by pressing the space bar or double-tapping on the touch screen? Yes, on both counts. Google added ARIA’s role=”checkbox” to ensure that modern screen readers treat the span as a checkbox, and they allowed that span to take the focus using tabindex.
    We tested with Dragon NaturallySpeaking. Using Dragon, can someone look at the screen and say “Click checkbox” or “Click I’m not a robot” to effectively click the checkbox? Yes, on both counts.

    Excerpt from https://simplyaccessible.com/article/googles-no-captcha/

    I won’t say I fully code now with RIA/accessible tags all over, but, it’s going on the right track overall.

    Have a nice day,

    Moderator James Huff

    (@macmanx)

    Good to know, thanks!

  • The topic ‘Receiving Spam Mails even though there is Captcha’ is closed to new replies.