All of The Russian Federation and China is subject to CAPTCHA at the moment as we had been experiencing hundreds of cracking attempts per day.
That is now down to none.
I am monitoring the source of the hacking attempts and am considering backing off the regional blocks and going to only reputation based protection.
Most of the attacks are caused by bots doing brute-force user impersonation, some are running on machines without the user's consent, they habe been successful on a few users with weak passwords.. The CAPTCHA is effective at screening out those bots.
I have had to do too much database repair to consider lightly removing these blocks, but once we have migrated to the new site and installed some other anti-spam stuff I will do so.
-bob