Q&A works far better than ReCaptcha, and he already said the answer is impossible without emailing him.

The weak link in the chain is only 1 human spammer needs to email him and get the answer 1 time- then they can re-use the same answer forever if it is never changed making it worthless.

Paranoia at its finest. Seen it many times.
I went to your site, you have all forums closed from public view & what people to click the contact me button and send you the user name they are going to use as well as an email address to have you create an account for them... good luck with that....I can't see the contact me button get pushed that often regarding registration. Just my 2 cents.
Sheltering your site will close your site.

What I am seeing in the thread is a pointing game & you are not willing to listen to anything the previous posters have written and want to blame vbulletin.... I would suggest to you to submit a ticket on vbulletin.com if you really think this is the issue....I can't see the ticket going very far.
Appreciate what the members here are advising you to do, they speak from experience.
We have all been there.

I get little( 1 a month) to no spammers at all on any vb site I have or any that I may manage. The tools and advise are here for you to use, free of charge.....

Good Luck to you.

I've had my site now for a little over 3.5 years and i have a total of 108 spammers, they were all human as i use Q&A, my questions change every 6 months, i use vb3.8.7 (always upgraded but will never upgrade to the beta they call vb4), i do have bad behaviour installed and vbstop forum spam, but both are just set in logging mode they do nothing to the user, so i guess with that plain old Q&A that vb supplied i've had on average 30 human spammers a year, not bad eh?

I know you dont want to believe it but one of your signed up members is either a spammer or given the secret answer to a spammer, if you dont want to use Q&A why not install a picture Q&A, you know how it goes "click on the cat" and you have to click the correct pic, if you right click the pic and check the properties they're named something like 1zY5xoo234.jpg so no clues for the automated bot, only humans can get past that.

At the end of the day you will NEVER stop human spammers, thats the joys of being a forum owner.

So how exactly does that make it better than ReCaptcha?

From feedback from webmasters and my own use it for well over a year now it has been apparent ReCaptcha has been exploited in some way-

https://www.vbulletin.com/forum/show...-to-Combat-It?

My theory is the bots are copying the image and displaying it on file-sharing websites where thousands of people eagerly type in the answers every minute of the day.

That's one guess.

I've also seen a video showing that the vast majority of the time you really only need to type in the "easy" half of ReCaptcha for it to go through- in which case basic OCR can be enough, when coupled with multiple tries..

Ok let me try to make this more clear for those of you that dont seem to understand and think its my fault. I had the question and answer system in place and all was fine. All of a sudden spam registrations went through the roof. So I changed my questions. That did not help. So I figured they were human spammer answering the questions. So I changed the "answer" to the question to something that cant be guessed. There is no "answer". You have to email me personally from the contact uslink at the bottom of the main page and ask for the answer. Registrations were still going through even though I hadnt been contacted by anyone for the pass phrase that is necessary to complete registration. At least I thought it would be necessary to complete registration. And just so none of you say I gave out the answer one time and forgot I just changed the answer just now. Its a nonsense phrase that could never be guessed. I changed the answer and turned registration back on at 3:19 EST. Im going to the store and im betting when I get back I will have new spam registrations that should be impossible.

OK its now 6:39 and I just got home. I have 3 new registrations. Now tell me how can I have 3 new registrations when I have a question and answer system in place and the "answer" is not know to anyone. I havent given it to anyone, I just got home. So whats wrong with the question and answer system???

_________________________________

There is a new user, guccibags at HO.net

To view their profile, go here:

http://www.hangin-out.net/member.php?u=1041

Email Address : arnobeck369@gmail.com

_______________________

There is a new user, charleslsq at HO.net

To view their profile, go here:

http://www.hangin-out.net/member.php?u=1040

Email Address : ertfdgrkuuuu@gmail.com


____________________

There is a new user, Zonia LemmeDDFC at HO.net

To view their profile, go here:

http://www.hangin-out.net/member.php?u=1042

The good old days when the spammers were stopped with a simple captcha or a q&a challenge are over. Spammers have become more sophisticated not to mention the human spammers who will bypass any kind of restrictions. As mentioned above, there is no way of stopping them.

I just registered on your site and there was no question. You did actually try it yourself didn't you?

ETA: BTW, sorry for any inconvenience - you can delete the user I created.

You seem to only have one question, did you fill in the regex part of the question instead of adding answers?

Do you understand how the Q&A system works?

You're supposed to have 5-100 questions, with at least one valid answer.

Each time a user tries to register they get 1 of those questions randomly.

If you have one question, and one answer. Once someone FINDS the answer, or if your Question is bad because you don't have a valid answer or you have an invalid regex setting, you have NO SECURITY AT ALL.

I use Q&A and timers. If the registration is under 5 seconds, then I ban the user and ip.

The best protection is Q&A and have at least 10 questions.