New CAPTCHA

Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here.
Forum rules
Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here. Feature requests are closed.
Post Reply
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 367
Joined: Thu Sep 16, 2004 9:02 am
Contact:

Re: New CAPTCHA

Post by Paul »

Why not do it as in this mod I do: http://www.phpbb.com/phpBB/viewtopic.ph ... sc&start=0" target="_blank
- Background color changed
- Background chars fonts changed (and there color)
- Forground chars fonts changed, and rotating, and color (used ttf files for fonts)
Also can add easy different background images to make it more difficult.

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: New CAPTCHA

Post by EXreaction »

paulus wrote: Why not do it as in this mod I do: http://www.phpbb.com/phpBB/viewtopic.ph ... sc&start=0" target="_blank
- Background color changed
- Background chars fonts changed (and there color)
- Forground chars fonts changed, and rotating, and color (used ttf files for fonts)
Also can add easy different background images to make it more difficult.
Ya, that is a pretty good captcha...I installed it on a local board to check it out(I don't have any spam problem on my board...so I am leaving it the way it is for now)

The only thing I don't like about yours is the background...with the letters in it, once in a while it is a little hard to read the real text. :(

User avatar
DavidMJ
Registered User
Posts: 932
Joined: Thu Jun 16, 2005 1:14 am
Location: Great Neck, NY

Re: New CAPTCHA

Post by DavidMJ »

  1. Your CAPTCHA uses non GPL'd fonts
  2. Your CAPTCHA is weak
Attachments
easy_captcha.png
easy_captcha.png (8.65 KiB) Viewed 4917 times
Freedom from fear

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: New CAPTCHA

Post by EXreaction »

What about something like this:
http://www.captcha.net/cgi-bin/gimpy" target="_blank

User avatar
DavidMJ
Registered User
Posts: 932
Joined: Thu Jun 16, 2005 1:14 am
Location: Great Neck, NY

Re: New CAPTCHA

Post by DavidMJ »

That one was already beaten.
Freedom from fear

Mr.Jester
Registered User
Posts: 25
Joined: Sun Sep 12, 2004 9:28 pm

Re: New CAPTCHA

Post by Mr.Jester »

Suggestions for improvement of the current CAPTCHA.

General: Allow a random

Matching: something needs to be done to make the instruction text stand out more. I have seen several that the text blurs into the background making it difficult to read. Mabye a larger font or a color not used in the background. I am not sure.

Is there any issue with the images sometimes being so distinctly different that the bots can match the image just cause it is like none of the others?


Occlude: There have been a couple where the characters run of the edge. Intentional or not, I don't know. I have only seen on case where it made it hard to read and that was when the bottom of the lower row dropped off the edge.

3D: They all appear to start at 0 before a trough. Can the height and where the image starts in the crests and troughs be changed?

The rotation of the image. They are always lower left to upper right with slight variations in actual position. Perhaps all three axis can be given some more variance.

The pattern is always the same grid.

Disclaimer: Given my limited knowledge of OCR, I am sure there is some degree of deminishing returns on these ideas.

User avatar
Highway of Life
Registered User
Posts: 1399
Joined: Tue Feb 08, 2005 10:18 pm
Location: I'd love to change the World, but they won't give me the Source Code
Contact:

Re: New CAPTCHA

Post by Highway of Life »

Hmm... how about not reinventing the wheel...
http://sam.zoy.org/pwntcha/

Further reading:
W3.org wrote: CAPTCHA
This type of visual and textual verification comes at a huge price to users who are blind, visually impaired or dyslexic. Naturally, this image has no text equivalent accompanying it, as that would make it a giveaway to computerized systems. In many cases, these systems make it impossible for users with certain disabilities to create accounts, write comments, or make purchases on these sites, that is, CAPTCHAs fail to properly recognize users with disabilities as human.

----

Sites with attractive resources and millions of users will always have a need for access control systems that limit widespread abuse. At that level, it is reasonable to employ many concurrent approaches, including audio and visual CAPTCHA, to do so. However, it must be noted that human users will fall through the cracks in these systems, and it will be necessary for sites like these to ensure that users with disabilities will have some human-operated means of interacting with a given resource in a reasonable amount of time.

The widespread use of CAPTCHA in low-volume, low-resource sites, on the other hand, is unnecessarily damaging to the experience of users with disabilities. An explicitly inaccessible access control mechanism should not be promoted as a solution, especially when other systems exist that are not only more accessible, but may be more effective, as well. It is strongly recommended that smaller sites adopt spam filtering and/or heuristic checks in place of CAPTCHA.
As I said before, we are not trying to protect a Bank Vault, we are trying to protect our forum against SPAM bots while letting users of all abilities the ability to easily sign up on a forum.
Image

Yawnster
Registered User
Posts: 342
Joined: Sat Jan 29, 2005 9:18 pm
Location: London, UK
Contact:

Re: New CAPTCHA

Post by Yawnster »

How about mutliple images... I am unsure of exactly how captcha breaking programs work, but I am sure that will work by downloading the image at some point.. By splitting the image up into mutliple ones, only to piece them together later on would make it rather alot more annoying to try and break. espically if characters were split across the images if you get what I mean..

I am merely suggesting this, I know it would decrease performance alot but surely its a possibility?

Yawnster

User avatar
DavidMJ
Registered User
Posts: 932
Joined: Thu Jun 16, 2005 1:14 am
Location: Great Neck, NY

Re: New CAPTCHA

Post by DavidMJ »

Yawnster: We actually did this in phpBB 2.0.x if the user did not have Zlib installed. Although it makes it more difficult for the computer, it would increase load times and load as well as introduces additional complexity to the way the CAPTCHAs load themselves.

Highway of Life: If you don't want to use the CAPTCHA, disable it. Last time I checked, it is currently disabled by default. I don't think you really understand the implications outside of mere spam, it is also a security issue. I also can't trust what this guy says if he can't beat some of the really simple CAPTCHAs that are very easy to break.
Freedom from fear

Xore
Registered User
Posts: 80
Joined: Mon Jul 21, 2003 11:44 pm
Location: The desert
Contact:

Re: New CAPTCHA

Post by Xore »

Yawnster wrote: How about mutliple images... I am unsure of exactly how captcha breaking programs work, but I am sure that will work by downloading the image at some point.. By splitting the image up into mutliple ones, only to piece them together later on would make it rather alot more annoying to try and break. espically if characters were split across the images if you get what I mean..

I am merely suggesting this, I know it would decrease performance alot but surely its a possibility?

Yawnster
It's a nice idea, but i don't think it's really effective. It's trivial with imagemagick or other cli tools to splice the images together.

when you consider the effort of implementing a framework to do browser-based image tricks (high) versus the amount of difficulty this adds to someone writing a spambot (little) it seems that the ROI is nil

Post Reply