In keeping with the theme of reinventing the wheel and writing
everything from scratch on this site, I created my own CAPTCHA
solution several years ago to prevent spambots from emailing me
via the contact form on the home page. It's fairly simple, but
since it's completely unique to my site, I figured there's no way
anybody would bother taking the time to write a bot just to
solve my little custom CAPTCHA.
It seemed to be working fine. Every once in awhile I'd get
some spam, but I suspect the spammers were actually paying some
poor schmuck to fill out the CAPTCHA form manually. Not a big
deal - a CAPTCHA isn't going to stop a real person.
But this week I started getting a series of test messages,
identifying as “XRumerTest”. A quick Google
search reveals that XRumer is an advanced spambot capable
of solving basic AI-based CAPTCHAs such as mine. These were
clearly test messages, and not actually spam attempts, but they
were clearly sent by a spambot which had solved my CAPTCHA.
What interesting times we live in. Anyway, it recently came
to my attention that Google's re:CAPTCHA has gotten less
obnoxious to use, and I've implemented the older version
of it before without any trouble, so I've switchd to that.