CAPTCHAs

piersk

Anyone had any experience with these? I'm looking to put one on the registration of a new site, but not sure what to look for. I've found a few that are out there on the inter-ma-web, but they seem to come out with really unreadable images.

vaaaska

i wrote one that randomizes some stuff awhile back. funny thing is that i don't use an image as it simply outputs text in a little box. a person can even cut and paste the text if they want. works perfectly.

goldbug

There's a PEAR package for CAPTCHA, but it's really not that great compared to others, imho.

bpat1434

Piersk:
If you wait like a few days, I wrote an article on how to create something similar to this (though not as involved) for PHPBuilder. Scott should be publishing it this week, possibly early next week. It uses gd2, but I'm pretty sure that's standard on most servers now-a-days.

Not sure if it's what you're going after, but it might help.

Weedpacket

vaaaska wrote:
funny thing is that i don't use an image as it simply outputs text in a little box. a person can even cut and paste the text if they want. works perfectly.

Reasonable: for a bot to exploit that it would have to recognise that this piece of text on the page should go into the CAPTCHA field. And since it's not likely to read and understand the instructions on the page, someone would have to look at the page and specifically write the bot to suit.

And, depending on the CSS used to identify the box, its specification in the page could be randomised from display to display (though without changing its rendered appearance or location), making it harder to parse out at the source level.

vaaaska

For me it was an aesthetic thing - I didn't want a captcha image on a page I designed (unless absolutely necessary). I got the idea from Aidan...

http://aidanlister.com/repos/?file=function.text2array.php (scroll down to see it)

I believe the entire set of code for his site is available for download...when I my captcha it wasn't so I don't know his technique. Could make things easy for you (Piersk)...

MarkR

Personally I'd say, stay away from CAPTCHAs until such a time as you have a real problem with robots registering on your site.

People hate them, and they're ugly. People often get them wrong, and it pisses them off.

If of course, you know from experience that this site is going to have hordes of robots trying to do automated registration, then a CAPTCHA may be the way to go.

Personally I'd go for something that does some client-side jiggery-pokery to simply make it moderately difficult to create an auto-registration robot.

For example, if you have a hidden form field which is filled in by Javascript, which uses several values and performs an operation (such as multiplication). The server does the same operation and checks the result. Anyone with Javascript disabled (for example, a robot) will fail this test. This won't stop someone who has the ability to reverse-engineer this process from creating an autoreg bot, but it will stop "off the shelf" autoregistration bots.

Another obvious way to stop robot registrations is to have each registration vetted by a human before they can use your site.

Mark

piersk

I don't think people get annoyed by them if it's something you have to do just the once when you register. Once you get to the point that whenever you post something you have to use a captcha then you're going to start pissing people off.

MarkR

I still don't understand why you need to use a CAPTCHA if you're not expecting hordes of robots trying to register.

I've never had a problem with robots registering on my sites.

Mark

piersk

One would hope not. I think I'll just play it by ear for now.

Merve

Another issue that arises from using CAPTCHAs is having to provide an auditory validation alternative for the visually-impaired. I don't know how you'd implement that, but I'm pretty sure it's by no means mandatory, but highly recommended if your site is very popular.

bpat1434

I honestly don't think it's that hard. Just record your voice saying the alphabet and 0-9. Then, just use those to play through a sound device (Flash or whatever) on the page.

~Brett

Weedpacket

With the method vaaaska linked to, someone using a speech reader would be automatically accommodated - the CAPTCHA would be spoken along with everything else.