Say if I wrote and hosted custom designed 100 different sites (small to middle sizes business), many of them will have online forms (all kinds), I want to add captcha protection to these forms.
Should I use a popular captcha scripts or write my own captcha scripts? the captcha.net said I should use the professional ones they have for us to download.
Of course, popular captcha scripts are more fancy. But the hackers are researching them too, once they break it, they will search for the ones who use it and attack.
So if I use the popular captcha scripts, every time it is broken by hackers or it has a new security updates, then I have to replace all these codes in the 100 sites I am hosting manually. Becase these sites and these forms are different. Not time wisely and financially possible.
But if I write my own captcha scripts, the chances that someone study my own captcha codes and try to break it are smaller than they break these pupular captcha scripts. Because our small to middle size business sites will not be worth them to do the research to break my captcha codes. Actually if they humanly research our codes, they will find that we are not like forums or blogs and we are not posting their inputs on the web sites.
So what should I do? use the popular captcha codes and always keep on update them (almost impossible), or write my own codes?
Or more fancy, use the professioanl popular codes and merge or modify with my own codes both (it is possible? never try to do this way before)? well, that will make the updates even more difficult. But due to I have another layer my own modification, the needs to update may not be so often?
Thanks!
