Some measure seem good, others are questionable. Overall it probably won't really do much, though I guess every bit helps.
One thing I do wonder about is this "hidden CAPTCHA" thing they've introduced. Despite the fact this is nothing like a CAPTCHA, I'm really not sure how they think an additional setting will really make it harder for spambots to get through.
member_register_hiddencaptcha template
|
Existing spambot applications may need to be slightly tweaked to get around this. But as this is a forum system level thing, it's likely they'll do it - the only issue being when (not if).
The absurd part is that the name of the field can be changed. This is pretty much completely pointless - at most it makes the regex slightly tricker to write. And the code to get around it is much smaller than the code to implement all of this.
Well written spambots should automatically be able to bypass this anyway. If I were writing a bot, I'd automatically do something similar to:
|
(regex not deemed to be perfect, but if I wanted to do a 60 second fix to my spambot, this is probably what I'd do)
before trying to parse the <input> tags on the page.
So really, I don't give a damn what you name the field, this spambot bypasses it all without issue.
Not too sure why there's a setting to enable/disable this either, unless it's to get around the template updater not properly inserting the variable, although this won't really have any detrimental effect.
Other thing I'd like is a properly extendable CAPTCHA class (hint: interfaces), not some poorly designed OOP concept.