Playing with CAPTCHAs.
- Site News
Posted on: 2007-03-06 11:50:28
I started playing with the idea of adding in some measure of image validation to the posting some time ago. The wife had a couple of posts that spawned a lot of comment spam and we were trying to figure a way to eliminate it. Luckily it was fairly infrequent, so the few simple things put into place kept things down to a minor annoyance. Still, I kept going back to trying to figure out how to add in an image validation method, frequently called a
captcha. While my early attempts all failed horribly, I ran into some success this morning as you can see. Refreshing the page will make this image change. The text is based off of a simple algorithm that ends up tossing out a 5 digit hex number, but that might change. The shapes in the background, the orientation of the characters, and the snow are also random.
If I leave everything as it is, I could possibly get it with 3-4 hours work. I think adding it to rantfest itself would be easy enough, but toying with the backend pages will take longer. I am only wanting to add this in on a post-by-post basis with the default being off. The idea is not to inhibit people from posting but to keep automatic scripts from posting.
UPDATE: I think I am content enough with how things are working that I am going to go ahead and make this small update live. So you can play with it, if you want, I am making it active on this post. I also got to thinking that adding the 'Recall' function before this was a good idea. Now it if you either forget to type it in or if it is too legible for you to get the code right, you can click 'Recall' and try again.
Enjoy.
??
Posted: 2007-03-06 12:06:29, by Joe (dad-in-law)
How would this affect our posting comments? Do we have to copy something from that block? (6 and 8 looka a lot alike).
Joe
Yeah
Posted: 2007-03-06 13:10:32, by talam
The point of a captcha is that it shows a random image and you read the characters in it and input them in a text field when you post. The purpose is that it is a trivial effort for a malicious user to write a script to automate the posting comments. They are intentionaly a little hard to read since there are more sophisticated scripts that will read characters from images and input them as well.
I might just have this working later today so you can see how it works.
Hmmm
Posted: 2007-03-06 17:51:40, by TheBackofMyMind
Do you use random upper/lower case?
Also, the captcha that has popped up for me was just numbers. Perhaps you should try other combinations of randomness. For example, how about randomizing all 5 character positions individually. Making three of the character positions always disply one of the twently-six letters of the alphabet, while the remaining two character positions always display a number between 0 and 9. Of course if you really want to be adventurous, include a randomization of which character position receives the random character or number. Oh, and lastly, how about crating a few different styles of background noise for the captcha?
Not that I think you need the captcha, but I really like to give you useless ideas to waste your time.
True
Posted: 2007-03-06 19:40:14, by talam
As it stands, case is not important. The shapes do switch around. You are also more likly to see numbers than letters, and only letters between a-f. Basically, I generate a random number, generate a md5 hash of the random number, and pull 5 characters from the hash. The number is a hidden form element and the hash number is what you see in the image.
If I thought the captcha thing would be used more often I might get around to adjusting it more. Colors and fonts would be easy enough to switch up. But yeah, this is going to be a pluggin after problems arise kind of solution most likly, so there is not hurry.
Font
Posted: 2007-03-07 06:55:34, by Miller
Yeah, I'd suggest a serif font, so the B and the 8 would look less alike.
Posted: 2007-03-07 08:56:44, by Katie
Just wanted to type in random numbers and letters. 7646C 873T6 LOL
So now?
Posted: 2007-03-07 11:21:23, by Joe (dad-in-law)
When we post, we type the test in the image text box beside the hard to read thing. Well will see if this works. Is Erando going to do this also?
Joe
Here's another strategy
Posted: 2007-03-09 06:31:40, by Miller
Courtesy of XKCD.
http://xkcd.com/c233.html
Yup
Posted: 2007-03-09 14:26:31, by talam
Erin was all excited when she saw that as well.
