@dansup captchas might keep regular users out, or make them think twice, but those that want to test credentials or whatever, have ways around captcha. ddos+rate limiting might be more effective?