Random Question on signup
 

How is the random question supposed to increase security? Type the math question into a modern VHLL at the command line, and you get the answer. Observe:

in Python. In captchas (apparently) one can get the answer to the "required" answer with fairly easy methods.

How is this secure?

l knew it wouldnt stop all bots, but it has cut down spam levels of bots along with our spam prevention system.

l knew captcha was busted years ago, so these days its pretty much about making it slightly harder to get around and while it is true regarding your comment.. the best we can do is keep on randomly generating fields so the post data is slightly harder to guess.

Any chance of a better suggestion?

I mean this without trying to be nasty, but we get script-kiddies coming up to the admins of this site just about every month, their first ever post to the site being "Hey, your server X code isn't completely secure, I can see the password entry screen and can read your MYSQL Exceptions and your catchpha has a default technobabble" etc.

I'm not saying thats why you are or are or doing, but if you have got a better, feasable idea that doesn't either cost thousands of dollars or involve hundreds of man hours please make it.
We are more than interested in advice and solutions.

Because often in my experiance challening the many criticisms we get with the simple question of "Well, what would you do?" usually just gets the answer "Erm... well, actually its impossible to fully secure this... I was just telling what you already knew."
Or
"You should move to another server, it only costs $5000 a month!"

Practical and Practicable solutions welcome~ As for the vulnerabilities, I think we're largely pretty aware of them, our admins and some of our Mods have had their own time getting up to hijinx and naughtyness in the past~