webref.eu Posted December 4, 2008 Share Posted December 4, 2008 Can anyone recommend me a free CAPTCHA script that I can use on a registration page, or do you think I'd be better off using a selection of simple text questions that only a human could answer? Many thanks. Quote Link to comment https://forums.phpfreaks.com/topic/135541-captcha-script-recommendations/ Share on other sites More sharing options...
Mchl Posted December 4, 2008 Share Posted December 4, 2008 reCaptcha Quote Link to comment https://forums.phpfreaks.com/topic/135541-captcha-script-recommendations/#findComment-706094 Share on other sites More sharing options...
webref.eu Posted January 30, 2009 Author Share Posted January 30, 2009 Thanks. Any more suggestions? Is anyone using: http://www.phpcaptcha.org/ and is it any good? Thanks Quote Link to comment https://forums.phpfreaks.com/topic/135541-captcha-script-recommendations/#findComment-750655 Share on other sites More sharing options...
premiso Posted January 30, 2009 Share Posted January 30, 2009 Thanks. Any more suggestions? Is anyone using: http://www.phpcaptcha.org/ and is it any good? Thanks reCaptcha all the way. Down with captcha images! To fix mchl's link reCaptcha Quote Link to comment https://forums.phpfreaks.com/topic/135541-captcha-script-recommendations/#findComment-750659 Share on other sites More sharing options...
webref.eu Posted January 30, 2009 Author Share Posted January 30, 2009 OK, I'm taking a closer look at reCAPTCHA. Can the look of the input box be customised to your site at all? Thanks Quote Link to comment https://forums.phpfreaks.com/topic/135541-captcha-script-recommendations/#findComment-750669 Share on other sites More sharing options...
premiso Posted January 30, 2009 Share Posted January 30, 2009 OK, I'm taking a closer look at reCAPTCHA. Can the look of the input box be customised to your site at all? Thanks It can, but you really do not care. The only users to see this box will be bots parsing the page. Regular users should not see this box at all, which is essentially the point. The bots will fill it in not knowing it should not be filled in, which is your check. Quote Link to comment https://forums.phpfreaks.com/topic/135541-captcha-script-recommendations/#findComment-750676 Share on other sites More sharing options...
the182guy Posted January 30, 2009 Share Posted January 30, 2009 I personally don't like reCaptcha much. It is large and could easily look out of place and odd depending on the design and colour scheme of the page. The audio feature of it is pretty useless, I tried it and ended up giving up because the sound is so distorted to make it more secure. They use two words, I don't see any need for this... if someone can write script to read one word then it is not going to be much extra work to have it read two words. The words are also often too distorted I think. It's something that can be very frustrating if it's taking 2 or 3 attempts to submit a form. I don't know if you can change settings and have it less distorted or change the style/size or anything like that. You can easily create your own with PHP. All the functions are there to draw text, images, you can make a professional captcha yourself. I have done this myself. There are also other innovative ways of doing the same job. The best one I've seen was on a site where it displayed 5 thumbnail cartoon type images of random objects, and it asked the user to select the two "hats". Just my 2cents. Quote Link to comment https://forums.phpfreaks.com/topic/135541-captcha-script-recommendations/#findComment-750688 Share on other sites More sharing options...
premiso Posted January 30, 2009 Share Posted January 30, 2009 Whoa, sorry I was not thinking of reCaptcha. I cannot find the original site I was looking at or even thinking of. So here is my example: <?php if (isset($_POST)) { if (isset($_POST['somerandomname']) && $_POST['somerandomname'] != "") { echo 'Thank you.'; // this is just a friendly display cause they filled in the bad stuff. }else { // good they are not a bot process the form } } ?> <html> <head> <script type="text/javascript"> function process() { var elem = document.getElementById('somerandomname'); elem.style.display = "none"; } </script> <form action="" method="POST"> <input type="text" id="somerandomname" name="somerandomname" /> <input type="text" id="fname" name="fname" /> <input type="submit" id="submit" name="submit" value="Submit!" /> </form> <script type="text/javascript">process();</script> That code will work for most bot spammers given that they have no Javascript functionality. A human spammer will still pass as long as they are using a browser with javascript capabilities. But this stops about 95% of spam on most of my sites. Questions about that let me know, if I find the original creator I will post that information here. EDIT: http://freshervisions.com/articles/an-alternative-to-captcha-honeypot-forms/ Not the original as far as I know but a good article explaining it. EDIT EDIT: Found another site that has some other ideas and methods to help thwart spam: http://nedbatchelder.com/text/stopbots.html Quote Link to comment https://forums.phpfreaks.com/topic/135541-captcha-script-recommendations/#findComment-750696 Share on other sites More sharing options...
Mchl Posted January 30, 2009 Share Posted January 30, 2009 I personally don't like reCaptcha much. It is large and could easily look out of place and odd depending on the design and colour scheme of the page. Which is why you can style this box to fit your site. They use two words, I don't see any need for this... if someone can write script to read one word then it is not going to be much extra work to have it read two words. Perhaps you should read how it works then. The whole point behind reCaptcha is that professional OCR software has failed on these scans. Quote Link to comment https://forums.phpfreaks.com/topic/135541-captcha-script-recommendations/#findComment-750748 Share on other sites More sharing options...
the182guy Posted January 30, 2009 Share Posted January 30, 2009 Mchl, that's exactly right.... reCaptcha seems to have been designed so that it is almost bulletproof. I said in my post I don't know if you can change the theme of it, but I imagine you can't resize it to fit in a small area. I have had feedback from users saying they have left a website because the captcha is too difficult to read. There are other ways to help prevent spam that do not give users headaches such as honeypots, a "military grade" captcha device is not the only answer. Here is a quote from the link in this thread: "Not to mention they are becoming more and more difficult for an actual human to pass and can sometimes take up to multiple attempts. I personally find them a nuisance." Quote Link to comment https://forums.phpfreaks.com/topic/135541-captcha-script-recommendations/#findComment-750775 Share on other sites More sharing options...
Mchl Posted January 30, 2009 Share Posted January 30, 2009 I don't know what kind of users you have, but when I toyed with reCaptcha it seemed to be very tolerant to spelling mistakes Of the two words you can usually pretty well recognize which one is the "known" one. For the other you can make mistakes. Quote Link to comment https://forums.phpfreaks.com/topic/135541-captcha-script-recommendations/#findComment-750778 Share on other sites More sharing options...
.josh Posted January 30, 2009 Share Posted January 30, 2009 Perhaps you should read how it works then. The whole point behind reCaptcha is that professional OCR software has failed on these scans. They are using text that OCRs failed to accurately read from newspapers and books. I somehow doubt that the people in charge of scanning those pages to digitize printed text, are using software specifically designed to filter through captcha distorted text. Recaptcha is a project that takes the text that failed to scan accurately, and uses that to build a captcha image. If that text somehow beat out the best captcha cracking OCR software, then tell me, why does recaptcha further add their own image distortion to it? I think they have a novel idea going on, but I also think it's flawed. They depend on honest users for their project. They assume that if you are able to correctly enter in one word, you'll get the other one right. So first off, you only have to get one of the words right. Even worse, you can just enter in whatever you want for the 2nd one and they'll just take your word for it and submit it as a valid translation. Get an average, you say? You see, on the one hand, it would make sense to get a "2nd opinion" to ensure accuracy. That is, cycling the same text over and over again and picking the answer given the most. Ideally, this would be an acceptable solution. But on the other hand, that makes the captcha less secure, because you are reducing the randomness involved in the text creation. It's already not very secure, since the text (since it is coming from print) is already a real word. recycling the text makes it even less random, making captcha cracking software able to further exploit the captcha system. So the bottom line is this: The idea of Recaptcha is that people out there are trying to digitize printed text, and OCR software is flawed, so people have to hand-verify words all the time. Well, people are already doing that through captcha systems, so it sounds like a great idea to mix the two. But the more they try to ensure verification accuracy, the less secure the captcha will be. It's a brilliant idea, on paper. But the reality is that in order to ensure captcha security, they have to add on their own image distortion, so at the end of the day, they are no better than some other captcha system, security-wise. In fact, as mentioned, they are less secure, because 99% of the time, you're verifying a real word, instead of random text. Quote Link to comment https://forums.phpfreaks.com/topic/135541-captcha-script-recommendations/#findComment-750805 Share on other sites More sharing options...
premiso Posted January 30, 2009 Share Posted January 30, 2009 @CV, very valid point. In my opinion, if they want to digitize text and the ocr cannot read the print, they are better off having a monkey in a cubicle and have him randomly push buttons. Using this, as pointed out, you can enter anything. So what is the point of having that report back with what the word is. Especially since I bet 85% of all internet users can no longer spell due to spell check. At least that is my opinion on reCaptcha. Go Monkeys! Quote Link to comment https://forums.phpfreaks.com/topic/135541-captcha-script-recommendations/#findComment-750820 Share on other sites More sharing options...
Mchl Posted January 30, 2009 Share Posted January 30, 2009 Perhaps I'm not thinking right but: 1. OCR soft failed to recognize these words 2. They add extra distortion and a vertical bar (from my classes in image recognition I remember that such bars are pain in the rear end for software), so that should make it even more difficult. 3. Their system is used by large number of sites, so the influence of 'word recycling' issue is lower. the only actual flaw I see, is that it uses real words I'm gonna happily use reCaptcha on my sites. It will be broken one day off course, but as of today I think it's good enough for me Quote Link to comment https://forums.phpfreaks.com/topic/135541-captcha-script-recommendations/#findComment-750826 Share on other sites More sharing options...
Daniel0 Posted January 30, 2009 Share Posted January 30, 2009 +1 for recaptcha from me. Quote Link to comment https://forums.phpfreaks.com/topic/135541-captcha-script-recommendations/#findComment-750940 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.