There are dozens, if not far more, of captcha solver API's for extremely cheap. Captcha is very shallow bot "security" theater, they just deter the cheapest attempts.
latest greatest versions of captcha are more resilient to these types of services, but it's a cat and mouse game. I would recommend that you, as a sysadmin, learn at least the most basic things about this stuff.
> I would recommend that you, as a sysadmin, learn at least the most basic things about this stuff.
This sort of language is inappropriate and unnecessarily combative.
In any event, no filter screen is perfect. Getting rid of 80% of bot traffic is a good thing, even if you can't rid yourself of 100% of it. You can't let perfect be the enemy of "pretty good."
People use CAPTCHAs because they work--even if imperfectly. Of course, you have to stay on top of the latest implementations.
The GP comment was appealing to their own authority in a condescending way, I feel the tone was matched, but thanks for the feedback.
What you’re saying is true, although you can do simple blocks on user agent + geo ip alone and accomplish blocking a majority of bots anyway without captcha - but I’ll digress - that is not the topic of discussion. I’m not at all arguing that CAPTCHA doesn’t stop bot traffic - in fact my first comment says the opposite. Most bot traffic is extremely “dumb.” A mistake people make, which the gp comment seemed to, is that it stops bots dead.