your captcha is too weak and is almost useless to prevent bruteforce attacks and attacks like creating lots of tickets as mentioned above. I would advise to use strong captcha.
It can be easily decoded with any OCR for example
use tesseract-ocr-setup-3.02.02.exe
after installing this just run command
tesseract captcha.png decoded.txt -l eng
example:
It will be accurate 95% of times.
It is possible for an attacker to code some automated tool to launch bruteforce attacks, create 1000's of new users, create lot of supprot tickets etc.
thanks
It can be easily decoded with any OCR for example
Code:
https://code.google.com/p/tesseract-ocr/downloads/list
use tesseract-ocr-setup-3.02.02.exe
after installing this just run command
tesseract captcha.png decoded.txt -l eng
example:
It will be accurate 95% of times.
It is possible for an attacker to code some automated tool to launch bruteforce attacks, create 1000's of new users, create lot of supprot tickets etc.
thanks
How will the attacker create 1000's of new users ? It seems email authentication is required to create each user.