Servage Magazine

Information about YOUR hosting company – where we give you a clear picture of what we think and do!

The world of captchas

Monday, June 29th, 2009 by Servage

recaptchaWe all see them everywhere we go in the virtual world of the Internet: Those annoying series of letters and numbers we have to type in to submit a form, often making no sense at all. The captcha. It is a challenge response used to validate an input is originating from a human being rather than a computer system (automated bot). It is used to avoid abuse and junk data being sent via web forms to spam discussion boards, contact forms etc.

If you want to have a captcha on your website to gain above advantages, then you have two ways to go: You either create an own captcha system, where you generate random images with a certain string of characters that the user has to type in, or you use a ready solution, like for example reCaptcha.

reCAPTCHA is free to use and gives you an easy way to implement a captcha function on your website. At the same time you participate in the project behind reCAPTCHA: Scanning books! For each time a user types in a captcha using reCAPTCHA it will help to identify some unrecognizable letters from a book scan.

The world of captchas, 3.7 out of 5 based on 19 ratings
Categories: Servage

Keywords: , ,

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

19 comments (leave a comment)

This is interesting!

Indeed it is, nice to see how you can combine different technologies this way.

get in implemented on servge

As you might have seen it is already implemented in the Wiki and in the Blog. We are still considering implementing it in the control-panel. That is not yet decided and future will tell.

allways a bit risky with external things

You are right than one always need to judge if application is a risk. But on the other hand if you set out to write one yourself, you always need to make sure it is tested and secure. Using an external app you may rely on the open source communities for updates and finding and sharing weak spots. There is pros and cons no matter what you choose. We prefer the open source solutions cause we often feel it is proven to be more reliable versus a “closed” app (since there is lots of users monitoring the code).

The problem with Captchas though is that they are flawed, and inaccessible. Yes, there are audio alternatives, but these make it very difficult for those who are deaf, and often the captchas are so indecipherable it completely defeats the purpose.

I dislike captchas beyond belief. Often it is stated that they form a problem for the disabled users, but I find myself more and more in the situation where I just can’t solve a captcha. Issues I encounter:
– Unreadable text (characters and backgrounds with very little contrast and different fonts)
– Do I need to use capitals or all lower case? (differs per site)
– Crashed captcha servers while the rest of the website still functions (result: no access to the login)
And they just don’t fix the problem they intended to fix: differentiate between humans and machines. To stick with this for a moment, what if I want an auto-login at Servage (which I used to have)? That suddenly went broke, while I still am human (I try to let my machine do all the hard work). But the differentiation; a recent news post stated that in China rooms full of children are breaking captchas and put the answers in a database along with the captcha file name. Many larger websites use static addresses because of server load, so in those cases people who want to misuse a service can easily buy such a database. Many sites are now in transition to dynamic addresses to disable this misuse. But they will find something else… Conclusion: captchas put the problem at the client side while the real problem is at the serving party. Thus fix it there.
Anyway, Servage, please get rid of your captchas, the new country/IP address (geo)filter works just fine.

PS: Captchas from hell: http://www.masterthebusiness.com/2008/03/20/captcha/

OK, the one we had in the control panel could have been better (a change is on its way), but these samples are truly bad. I wonder how they expect customers to come back.

Honestly… the captchas on the control panel really sucks. Sometimes, eventhough you type the right thing (or so it really seems), they fail….

And about recaptcha … asking persons, (whom mostof are just newbies when it comes to the web) to decypher “unrecognizable letters from a book scan” is just beyond awesomely stupid :D

Sorry about that but the point is just to kill the spambots, not to put your customers or visitors into trouble.
The 2+2 field works well, also on one of my websites I did a “remove the text from this field and leave it empty” field. Which works well ( but a little hard for a few people though ) :)

Just my opinion,

best regards,

PEM-

Trust me, we would really love a world without the CAPTCHAS, but as one of the largest hosting provider with lots of domains, we are every day targeted by robots and “crime-gangs” trying to get access to your accounts using bots. We always have to be a little smarter than the “spammers”.

One of the smarter suggestions given to me, at least for use on personal sites (I’m no expert so I wouldn’t implement it in ‘big business’ environments without knowing for absolutely certain that it’s safe), is to use a “blind” field targeting bots specifically. Like a mouse trap. I posted an article about it a while back in case anyone finds it interesting — http://www.inkpattern.com/webdesign/using-css-to-stop-spambots/
I’ve used it for a good while now and the experience indicates that it works quite well.
ReCaptcha is a fairly good solution if you don’t mind using a remote service. But in general, captchas that use graphics in one way or another are most of the time quite shabby. While it has improved since the remake a while ago, your own cPanel captcha is sort of a good example of that… ;)

Cheers

I dont usually have a problem with catcha systems with two main exclusions:

phpBB
I understand that database searches take up system resources but if I am new to a BB and searching to see if the information I require is on there before I sign up, then it really annoys me to fill out the captcha on the site. isnt the challenge question enough??

Servage’s Control Panel.
Granted, the images seem to be easier to real latley but I still hold my breath when submitting… some times it can take 5 attempts to get in! and I am sure I have been rejected several times when I have entered the correct letters!

My preference for a captcha?? sameas my banks. I log in, and get a challenge page.. I also get an SMS sent to my preauthorized phone. I anter the code in the SMS..

Using this method, you not only validated that the user is a human, but in actually the user!

Hi

How about using a keyboard on the page to lessen reading of keystroke problems on say the login control panel, along with the bank-style “gimme the 3rd, 5th and 7th character of your password etc.?

Les :)

I use this on my sites & is clear to read , can be refreshed if you are unsure of image without reloading the page & has audio for visually impaired visitors/members.

I just wish Servage would use it I am part colour blind & have hell of a job entering the correct digits on their one plus half the digits are only partly visible as disappear in to the bottom of the table.

The big problem with captcha is deciphering them! Very often the letters are SOOO abstract its like “why not just put the images in regular straightline arial” I mean its not like the bots can read images, just as long as they ARE imaged hotspots to stop spam from proceeding. Sometimes people get really wacky and arcane with it. Just my two cents lol.

Well…..I agree with most of the things you said. Anyway, thanks!

your post has interesting information
I will add you to my blogroll so I can come back often.

Leave a comment

You must be logged in to post a comment.