New Captcha Idea

[rosscowar]

Hey everyone. I've been talking to DarkDragon about a new captcha system and thought it'd be cool to get some insight on the project.

I'm uncertain if he's actually going to use it so I'm not 100% positive you're going to see it here yet but in the near future it may be possible.

Anyway I had a little bit of difficulty with the current captcha system in place and for good reason I'm not going to knock it.

However with any good captcha one thing should absolutely be accomplished. Prevent automated systems from doing ANYTHING.

Which consequently means allow humans, operating normally to do anything.

So I devised a captcha that I think can accomplish this. It would be extremely hard to write software to beat my system and it's fairly easy for humans to use it.

Check it out here...

http://go-ross.com/captcha/

What I'm looking for are critiques and ideas if you have them then post them here or PM me directly.

If you'd like to see this on Armageddon Games let us know!

If you'd like to use the code I'm working on any of your own sites let me know.

It will be protected under the Creative Commons License so you know the drill, you're free to use, modify and redistribute it so long as you keep the hidden disclaimer (invisible when using it) intact.

Anyway I haven't been able to get a lot of feedback on it so I hope someone is alive on here and can take a look at it. Test it out, make some suggestions, critique, whatever.

If you give some substantially good advice or offer any kind of help I'll definitely give you credit for everything you've done.

Thanks guys!

[gdorf]

I think if an algorithm can correctly identify characters from an image then solving a simple equation will be trivial in comparison. This will probably be effective in the short-term since most spam bots won't be designed to circumvent it, but that is probably true of most obscure captcha systems.

It can't hurt, I just don't know how groundbreaking it is.

[Chris Miller]

It doesn't have to be groundbreaking, it just has to be uncommon enough that spambot designers won't think of it. :)

[rosscowar]

Thanks guys. I agree it definitely isn't ground breaking but there really isn't any kind of captcha that is, is there?

In case you only answered one or two captchas there is actually a lot inside of it and it can all be configured.

For example if you refresh the page a few times there are random questions that are asked as well.

Random nonsense questions that any human could answer. A computer on the other hand would have to have an intense amount of programming in order to parse these questions and figure out a logical answer.

For example. "How do you spell dog?" Easy enough question and there are many variations of this in the captcha as well.

The mathematics have varying levels of difficulty and here in a few hours will have several representations as well.

For example instead 10 + X = 100 I will also use 10 plus X equals 100

Weird things like that will be scattered about.

Best thing is that it's database is obviously expandable! You can add and change questions as much as you want. Easily as well just by modifying the arrays within the programming.

If you have any suggestions though let me know! All will be appreciated!

[ctrl-alt-delete]

As most of the spam has died down due to the inability to put links in posts and sigs until a certain number of posts, I don't think this is necessary, especially considering the majority of what most people call "spam bots" are actually living, breathing humans that are paid to spam.

[gdorf]

It doesn't have to be groundbreaking, it just has to be uncommon enough that spambot designers won't think of it. :)

This will probably be effective in the short-term since most spam bots won't be designed to circumvent it, but that is probably true of most obscure captcha systems.

I agree

Anyway, nice work rosscowar, I see its a little more comprehensive than I had originally thought. And its good to see you are passionate about your work. Good luck!

[rosscowar]

Thanks! Yeah I've never developed anything for anyone else's websites that I wasn't somehow involved with the development team personally. Plus it was the first time that I've worked on image manipulation in PHP which is surprisingly crafty I may very well keep working on numerous things like this and hopefully it will be used in numerous places. Since it's still in a testing/development phase I won't actually be distributing the code anytime soon but it's available for anyone who wants it since I'll email it to you. I'd love for some pros out there to look through the code and critique it and everything or of course using it will always be nice :)

[rosscowar]

My captcha is officially live on the site and it's going through it's trial period!

Right now it is testing newcomers on the registration page but it may very well make it's way to the forums if things get out of hand :)

Either way it should be fun and interesting!

[Xyvol]

Although initially my lazy brain does not want to do math, I like the idea of using numbers. With numbers and equations there is only one answer. Questions with words can end up being open to interpretation and lead to incorrect answers. For example, "What color is the sky?" I'm sure you are looking for blue as the answer, but it's black at night, red and orange in a good sunset, and grey if you're color blind.

[rosscowar]

Hey there xyvol! I honestly didn't want to do the questions at first but I figured I'd build the functionality for it SO any other user of the captcha could easily make their own set of questions and answers and integrate it into their site.

All in all though it's extremely simple to change the questions and answers, I just added stupid silly questions to hopefully spark ideas and give the programmers an example of proper implementation.

If I were to use this on any of my own sites I would disable the questions and simply go straight math and see how effective it is. However a random question here and there is kind of fun too.

In the configuration page of the program you can enable or disable all of the following features.

Multiplication, division, addition, subtraction, big or small numbers, use questions and you can change the frequency in which a question will pop up. That is set at 30% by default.

My primary goal was versatility though, I primarily wanted it to be able to be used anywhere for a variety of purposes. So I also added the ability to easily change the color scheme, make the background transparent, and change the size of it as well.
In addition there are two different methods for implementation, you can use a session driven verification system OR an encrypted hidden post field verification system. Both of which work great but obviously session driven data is more secure.
Despite the fact that I highly doubt anyone will try to hack the encryption used on the post field.