![[Image: captcha.php?action=regimage&imagehash=test]](https://camo.mybb.com/db77f97b6e2d4be2364dae79cd89e1e2cdbabd06/687474703a2f2f636f6d6d756e6974792e6d7962622e636f6d2f636170746368612e7068703f616374696f6e3d726567696d61676526616d703b696d616765686173683d74657374)
I think MyBB's CAPTCHA is way too easy. As you can see in the picture and in MyBB's code, the string is drawn after all the drawing schemes.
No act is done to destroy the string's look for the sake of deceiving spambots.
The proper way would be to execute some kind of blurring scheme such as the already built function "draw_dots" but AFTER drawing the string.
The MyBB default CAPTCHA is there to 'try' to prevent spam registrations shortly after the forum is installed. It is up to the administrator to configure the more secure alternatives (reCAPTCHA, Are You A Human)...
Still, changing from:
// Draw dots on the image
draw_dots($im);
// Write the image string to the image
draw_string($im, $imagestring);
To:
// Write the image string to the image
draw_string($im, $imagestring);
// Draw dots on the image
draw_dots($im);
Wouldn't hurt anyone. I consider it as a bug.
![[Image: 0VCQAZZ.png]](https://camo.mybb.com/99b4a7cc17064c90a40b3b9e6bbc620036013353/687474703a2f2f692e696d6775722e636f6d2f30564351415a5a2e706e67)
Cheers!