Jump to content

CAPTCHA script recommendations

webref.eu

By webref.eu
in Miscellaneous

 Share

Recommended Posts

  • 1 month later...
premiso Regular Member

premiso

Posted
Posted

OK, I'm taking a closer look at reCAPTCHA.  Can the look of the input box be customised to your site at all?

 

Thanks

 

It can, but you really do not care. The only users to see this box will be bots parsing the page. Regular users should not see this box at all, which is essentially the point. The bots will fill it in not knowing it should not be filled in, which is your check.

Link to comment
Share on other sites
the182guy Newbie

the182guy

Posted
Posted

I personally don't like reCaptcha much. It is large and could easily look out of place and odd depending on the design and colour scheme of the page.

 

The audio feature of it is pretty useless, I tried it and ended up giving up because the sound is so distorted to make it more secure.

 

They use two words, I don't see any need for this... if someone can write script to read one word then it is not going to be much extra work to have it read two words.

 

The words are also often too distorted I think. It's something that can be very frustrating if it's taking 2 or 3 attempts to submit a form.

 

I don't know if you can change settings and have it less distorted or change the style/size or anything like that.

 

You can easily create your own with PHP. All the functions are there to draw text, images, you can make a professional captcha yourself. I have done this myself.

 

There are also other innovative ways of doing the same job. The best one I've seen was on a site where it displayed 5 thumbnail cartoon type images of random objects, and it asked the user to select the two "hats".

 

Just my 2cents.

Link to comment
Share on other sites
premiso Regular Member

premiso

Posted
Posted

Whoa, sorry I was not thinking of reCaptcha. I cannot find the original site I was looking at or even thinking of.

 

So here is my example:

 

<?php
if (isset($_POST)) {
    if (isset($_POST['somerandomname']) && $_POST['somerandomname'] != "") {
           echo 'Thank you.'; // this is just a friendly display cause they filled in the bad stuff.
    }else {
          // good they are not a bot process the form
    }
}
?>
<html>
<head>
<script type="text/javascript">
function process() {
    var elem = document.getElementById('somerandomname');
    elem.style.display = "none"; 
}
</script>
<form action="" method="POST">
<input type="text" id="somerandomname" name="somerandomname" />
<input type="text" id="fname" name="fname" />
<input type="submit" id="submit" name="submit" value="Submit!" />
</form>
<script type="text/javascript">process();</script>

 

That code will work for most bot spammers given that they have no Javascript functionality. A human spammer will still pass as long as they are using a browser with javascript capabilities. But this stops about 95% of spam on most of my sites.

 

Questions about that let me know, if I find the original creator I will post that information here.

 

EDIT:

http://freshervisions.com/articles/an-alternative-to-captcha-honeypot-forms/

 

Not the original as far as I know but a good article explaining it.

 

EDIT EDIT:

Found another site that has some other ideas and methods to help thwart spam:

http://nedbatchelder.com/text/stopbots.html

Link to comment
Share on other sites
Mchl Regular Member

Mchl

Posted
Posted

I personally don't like reCaptcha much. It is large and could easily look out of place and odd depending on the design and colour scheme of the page.

Which is why you can style this box to fit your site.

 

 

They use two words, I don't see any need for this... if someone can write script to read one word then it is not going to be much extra work to have it read two words.

 

Perhaps you should read how it works then. The whole point behind reCaptcha is that professional OCR software has failed on these scans.

Link to comment
Share on other sites
the182guy Newbie

the182guy

Posted
Posted

Mchl, that's exactly right.... reCaptcha seems to have been designed so that it is almost bulletproof.

 

I said in my post I don't know if you can change the theme of it, but I imagine you can't resize it to fit in a small area.

 

I have had feedback from users saying they have left a website because the captcha is too difficult to read. There are other ways to help prevent spam that do not give users headaches such as honeypots, a "military grade" captcha device is not the only answer.

 

Here is a quote from the link in this thread:

 

"Not to mention they are becoming more and more difficult for an actual human to pass and can sometimes take up to multiple attempts. I personally find them a nuisance."

Link to comment
Share on other sites
Mchl Regular Member

Mchl

Posted
Posted

I don't know what kind of users you have, but when I toyed with reCaptcha it seemed to be very tolerant to spelling mistakes :P

Of the two words you can usually pretty well recognize which one is the "known" one. For the other you can make mistakes. 

Link to comment
Share on other sites
.josh Advanced Member

.josh

Posted
Posted

Perhaps you should read how it works then. The whole point behind reCaptcha is that professional OCR software has failed on these scans.

 

They are using text that OCRs failed to accurately read from newspapers and books.  I somehow doubt that the people in charge of scanning those pages to digitize printed text, are using software specifically designed to filter through captcha distorted text.

 

Recaptcha is a project that takes the text that failed to scan accurately, and uses that to build a captcha image.  If that text somehow beat out the best captcha cracking OCR software, then tell me, why does recaptcha further add their own image distortion to it?

 

I think they have a novel idea going on, but I also think it's flawed.  They depend on honest users for their project.  They assume that if you are able to correctly enter in one word, you'll get the other one right.  So first off, you only have to get one of the words right.  Even worse, you can just enter in whatever you want for the 2nd one and they'll just take your word for it and submit it as a valid translation. 

 

Get an average, you say? You see, on the one hand, it would make sense to get a "2nd opinion" to ensure accuracy.  That is, cycling the same text over and over again and picking the answer given the most.  Ideally, this would be an acceptable solution.

 

But on the other hand, that makes the captcha less secure, because you are reducing the randomness involved in the text creation.  It's already not very secure, since the text (since it is coming from print) is already a real word.  recycling the text makes it even less random, making captcha cracking software able to further exploit the captcha system.

 

So the bottom line is this:

 

The idea of Recaptcha is that people out there are trying to digitize printed text, and OCR software is flawed, so people have to hand-verify words all the time.  Well, people are already doing that through captcha systems, so it sounds like a great idea to mix the two.  But the more they try to ensure verification accuracy, the less secure the captcha will be. 

 

It's a brilliant idea, on paper.  But the reality is that in order to ensure captcha security, they have to add on their own image distortion, so at the end of the day, they are no better than some other captcha system, security-wise.  In fact, as mentioned, they are less secure, because 99% of the time, you're verifying a real word, instead of random text. 

Link to comment
Share on other sites
premiso Regular Member

premiso

Posted
Posted

@CV, very valid point.

 

In my opinion, if they want to digitize text and the ocr cannot read the print, they are better off having a monkey in a cubicle and have him randomly push buttons.

 

Using this, as pointed out, you can enter anything. So what is the point of having that report back with what the word is. Especially since I bet 85% of all internet users can no longer spell due to spell check.

 

At least that is my opinion on reCaptcha. Go Monkeys!

Link to comment
Share on other sites
Mchl Regular Member

Mchl

Posted
Posted

Perhaps I'm not thinking right but:

 

1. OCR soft failed to recognize these words

2. They add extra distortion and a vertical bar (from my classes in image recognition I remember that such bars are pain in the rear end for software), so that should make it even more difficult.

3. Their system is used by large number of sites, so the influence of 'word recycling' issue is lower.

the only actual flaw I see, is that it uses real words

 

I'm gonna happily use reCaptcha on my sites.  It will be broken one day off course, but as of today I think it's good enough for me :P

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.