Wedge

Wedge's CAPTCHA is very easy to read. I have failed a lot of SMF CAPTCHAs, even those set to medium complexity, and for Wedge? Zero! Make of that what you will.

We could however set a delay to a couple of seconds. I suppose some bots could fill in a form and crack the captcha instantly, while a human definitely can't...

From the bots hitting my traps, the majority will login, and post within 1 to 5 seconds. (the record is 8 join,posts a second)
But generally, humans cannot/don't login and post a 2600+ character message within 3 seconds.

Slowing them down is only part of it. The other part of the variable timer thing is that they will hit the submit/post url before a human could.

Checking my traps logs I'd say the max time a bot will stay on a forum is 10 seconds. Seems the average is around 5, with 1 page hit per second. (roughly)

One my good forums it's set. On the traps.. they have free reign. (as far as that goes)

Once a person is a member.... well really, it wouldn't make any difference. The "Post" button would be grayed out until x seconds have passed. Once they have made xx number of posts, the timer or speed would not be a factor. Plus even if you did C&P a message, you couldn't submit until the timer ran out. Unless it was a bot.

This would be true, IF every forum was using the same timer. Also, it would be very rare that a spammer would slow his posting down to once every 30 seconds.
Going from 100 every 5 seconds to 100 every 30 seconds is a big deal when you have a list of 50K+ forums and 100 adds to blast.

Even if they set it not to come back as often, they would still have to wait xx seconds after hitting the new message page before submitting the post.

Look at from a humans point...
You hit the register page, the "Submit" button is grayed out with a timer counting down. It runs out and you join.
You go to post a message, same thing, the button is grayed out yada yada.. After x amount of posts, the timer is gone and you can post away.

Now,
From a spam bots point...
It hits the register page, it doesn't see the timer, but the url to submit. (Like it normally does)
It fills out the info, hits submit.. busted, rejected. xrumer shows a fail for that forum. (some will then remove the url others are to dumb)
IF it gets past the registration page, chances are, it will get nailed on the first post. Which will cause them to be suspended awaiting admin/mod approval, deletion or whatever. :)

A timer on the registration page is in use by some forums, and seems to work very well, from what I heard.
But keep in mind, a timer would not be common like CAPTCHA is, and therefore spammers are not going to bother adjusting the posting speed for just a few hundred forums. There are millions more they can post to. And I really don't think the authors would spend the time coding a parser either. At least not until it becomes as popular as CAPTCHA. But by then, we'll have something else to trow in their way. hehehe!

Please don't get me wrong! I'm defiantly NOT saying it's an end all be all solution! It's faaaar from that.
But, it is something that doesn't require checking internal or external anti-spam databases, keeping it updated, adding stuff to the htaccess etc...

That is very true!
And the more "optional" security measures that are end user configurable the better. Doesn't mater if they are all used at once or only one, every one of them have to be detected and cracked. There comes a point when the cost of bypassing verses posting speed/processor load makes it a waste of time.
Take for example xrumers re-CAPTCHA auto solve feature. It puts a load on the processor slowing down posting to the point that some suggest not using it and using an external solving service, or just manually solve it.
I feel Wedges CAPTCHA will be the same way.  :niark:

But you are absolutely correct in being unique and changing. You have to be!!
Anyway, I'll stop pestering you! LOL!

They will if Wedge becomes popular, especially if it becomes popular in a way that makes it predictable.

That said, we can actually get a bit more creative there ;)