Actually captcha these days is nearly full proof. Bots can't select street lights or click on buses in the captcha photos. The captcha of 2005 was easy to defeat which was just a simple 4-6 letter captcha but these days it's full proof.
If you're on a "clean" IP address, you can also use the audio captcha solver
buster, which is a browser extension that feeds the audio challenge back into Google's own speech recognition software. Captcha has gotten more advanced, but so have the tools used to solve them. It's an endless arms race.
Once I had my own faucets and gave up running them just because of the endless fight with continuous modernization of security. About once every two weeks, someone was cleaning the faucet's address. Not only the captcha was bypassed. Hackers found ways to bypass waiting time, they was finding some backdoors in script. Something new every time. I just lost my patience.
Ps. On other hand, I'm not a programmer, so I used other people's scripts. At one point I was almost sure that people were writing scripts for faucets with backdoors, only to steal from them later. But that is other story..
I was a forum moderator for a popular Bitcoin forum where people got paid for activity and it was a endless task to stop these bots. In the end,
we had to stop the automatic payment option and we had to implement a internal database that needed manual verification process to grant
approval of all the withdrawals to manage this risk. It became too time consuming to do this manually, so we stopped the "paid to post" option.
I take my hat off to sites that has to go through all this effort to automate payment/faucet options and to battle all these bots on a daily basis.