Is Captcha needed even if users are forced to login to post? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

---

We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.

Closed 3 years ago.

开发者_运维问答 Improve this question

I've been working on this site - I used the phpdug script to help me get a quick start. I assumed that if I forced users to login in order to post links in this digg-like website, there would be no need for a captcha. This has not worked as you can see all of the car spam. Is a captcha necessary even if I force users to login? Also, is ther ea captcha you can recommend that is easy to read (I have trouble with a few capchas sometimes, get frustrated, and leave websites). http://fantasybookmark.com

---

Well I would only use a capacha and e-mail verification for the signup process. You shouldnt need to make a capacha when posting. You could count how many posts have been made by that user in the last ten minuits, if it exceeds a certain value then make them awnser a capacha.

---

This depends on the resource being protected. For instance, yahoo mail does not require captcha to login and read mail but does require it when sending email or initially signing up.

It is possible for logins to be compromised (or for people to sign up with the intention of exploiting something later with bots) so if there are certain resources that warrant extra protection from bots (in yahoo's case, their smtp servers), you can add the additional human check there.