List of weakness
Found at: http://www.friendster.com/join.php
This is a very large and famous social network. CAPTCHA is a hn free CAPCTHA with something a bit updated. Well, result is still the same. OK, they get 3 stars, but that's all.
Found at http://signup.myspace.com/index.cfm?fuseaction=join
MySpace.com is a new giant, guys. But not in CAPCTHAs.
Yes, must say, it's nice, and hard to beat, but color model is not the only way to separate specific chuncks. It's possible to separate letter chuncks from background chunks basing in it's parameters, firstly - position and shape.
hn free CAPTCHA
This is a free php-class for generating CAPTCHA-images, found at http://www.nogajski.de/horst/php/captcha/. This is one of the free CAPTCHA scripts from great service phpclasses.org, but unfortunately this class is not as great as service. Well, all I want to say is that many CAPTCHA-creators thinks that getting a lot of ttf-fonts, and spinnig letters with different colors is enough to create good CAPTCHA. And, for sure, this approach is easy to implement - writing lettes with ttf-font in different angle is the only font operation which GD PHP library allows.
So, why this CAPTCHA is weak? Because a lot of fonts plus turned letters NOT EQUAL good CAPTCHA. Color model is ugly, anyone believes that it's hard to sepatare lettes from background?
Writing OCR for this CAPTCHA is only a task of getting correlational masks for each letter (0-9A-F = 16) for each font. A task for one evening.
Found at: http://www.liveinternet.ru/journal_register.php
Well, a little bit harder. But the noise is easy to remove, then we have the same situation - same font, size, position...
Found at: http://freehosting.myplace.com/
Still wery weak CAPTCHA - same font, same size, same position.
Human Verify series
Found at: http://www.humanverify.com/genDemo.asp
This CAPTCHA is implemented in more then 200 sites. For example:
All these sites are running the risk of some spamm messages of other automated access.
Found at: https://www.paypal.com/cgi-bin/webscr
Yes, that's true. Paypal.com took only two-star-complexity. It has a weak CAPTCHA with all classical weakness -
poor color model, bad noise, one font at one size.