CAPTCHA, or “Completely Automated Public Turing test to tell Computers and Humans Apart”, is a system used to help prevent web robots from submitting forms. Most CAPTCHAs consist of a series of letters and numbers that the user must read and enter to verify that they are in fact human. Many sites now employ CAPTCHA protection on their forms, requiring users to validate themselves for tasks ranging from signing up for an account to simply sending a contact email.
Why do robots submit forms?
Robots submit forms for different reasons. In some cases it’s simply to take advantage of a service. On CraigsList.com, for example, robots will automate the signup process so that they can post numerous ads for their owners. In other cases robots will submit forms looking for those that are not well protected. They can use these forms to remail spam or other bulk email.
Is CAPTCHA foolproof?
Certainly not. Technologies exist that can take the CAPTCHA images and actually “read” the contents of the image, giving them automated access to a form. To combat these technologies, new generations of CAPTCHA have been developed.
A CAPTCHA with additional elements.
Additional Graphic Elements
Some CAPTCHAs have incorporated additional graphic elements such as lines or, in the case of the VH1 forum registration, a grid. This makes it harder for automated image readers to discern what’s in the image.
Multiple Words
Some CAPTCHAs, such as this one from CraigsList.com, incorporate multiple words and additional graphic elements to try to fool automated readers.
Challenge CAPTCHA
Some CAPTCHAs require you to answer a question or solve a simple math problem. These so-called “challenge” CAPTCHAs add another layer of complexity that any automated reader would have to work through.
Hard to Read CAPTCHA
Some sites simply choose to make their CAPTCHA hard to read! This CAPTCHA from PHPBB would be hard for a machine OR a human to read. In some cases, hard-to-read CAPTCHAs offer an option to generate a new image with different numbers and letters. CAPTCHA makers realize that sometimes the CAPTCHA images are simply unreadable.
Flash-based CAPTCHA
The Flash-based option may be the most secure of all (for now). In addition to the fact that it’s Flash-based, it’s animated, which would make it extremely difficult for any automated reader to break. Check out this example.
How does CAPTCHA work?
When you visit a web form, an image is dynamically generated and the answer for the CAPTCHA is stored in the session associated with your browser. When you enter the letters and numbers and submit the form, the value you entered is compared with the value stored in the session. If the values match, the form is processed.
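The flow described above, as an added example (not code from this article or from any CAPTCHA product): the answer stays in the session, is compared on submit, and is discarded after one attempt so a solved image cannot be replayed. A plain dict stands in for the server-side session, image rendering is left out, and the function names, alphabet and five-minute lifetime are assumptions.

```python
import hmac
import secrets
import time

# Assumed alphabet: look-alike characters (0/O, 1/I/L) are left out.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"
TTL_SECONDS = 300  # assumed lifetime of one challenge


def issue_challenge(session, now=None):
    """Create a fresh answer and keep it in the session.

    Only the rendered image should reach the browser; drawing it is out
    of scope here, so the text is returned for the caller to render.
    """
    now = time.time() if now is None else now
    answer = "".join(secrets.choice(ALPHABET) for _ in range(6))
    session["captcha"] = {"answer": answer, "expires": now + TTL_SECONDS}
    return answer


def verify(session, submitted, now=None):
    """Compare the submitted value with the stored one, exactly once."""
    now = time.time() if now is None else now
    # pop() makes the challenge single-use: a solved image cannot be
    # replayed, and a wrong guess requires a new image to be issued.
    entry = session.pop("captcha", None)
    if entry is None or not isinstance(submitted, str):
        return False
    if now > entry["expires"]:
        return False
    guess = submitted.strip().upper().encode("utf-8")
    # Constant-time comparison of the two byte strings.
    return hmac.compare_digest(guess, entry["answer"].encode("ascii"))


if __name__ == "__main__":
    session = {}  # constructed stand-in for one visitor's session
    text = issue_challenge(session)
    print("first submit:", verify(session, text.lower()))
    print("replay      :", verify(session, text))
```
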
Should I use CAPTCHA?
Definitely! If your web forms are not protected and you are not getting erroneous submissions yet, give it time and you will. In the beginning, people simply listed their email address on their site. Robots harvest these easily. People then moved on to actual contact forms. This helped for a while, then robots figured out how to submit these forms. Now, a web form used with CAPTCHA is your best bet for keeping form spam and automated exploits to a minimum.
