New CAPTCHA

[Paul]

Why not do it as in this mod I do: http://www.phpbb.com/phpBB/viewtopic.ph ... sc&start=0" target="_blank
- Background color changed
- Background chars fonts changed (and there color)
- Forground chars fonts changed, and rotating, and color (used ttf files for fonts)
Also can add easy different background images to make it more difficult.

[EXreaction]

Why not do it as in this mod I do: http://www.phpbb.com/phpBB/viewtopic.ph ... sc&start=0" target="_blank
- Background color changed
- Background chars fonts changed (and there color)
- Forground chars fonts changed, and rotating, and color (used ttf files for fonts)
Also can add easy different background images to make it more difficult.

Ya, that is a pretty good captcha...I installed it on a local board to check it out(I don't have any spam problem on my board...so I am leaving it the way it is for now)

The only thing I don't like about yours is the background...with the letters in it, once in a while it is a little hard to read the real text.

[DavidMJ]

1. Your CAPTCHA uses non GPL'd fonts
2. Your CAPTCHA is weak

[EXreaction]

What about something like this:
http://www.captcha.net/cgi-bin/gimpy" target="_blank

[DavidMJ]

That one was already beaten.

[Mr.Jester]

Suggestions for improvement of the current CAPTCHA.

General: Allow a random

Matching: something needs to be done to make the instruction text stand out more. I have seen several that the text blurs into the background making it difficult to read. Mabye a larger font or a color not used in the background. I am not sure.

Is there any issue with the images sometimes being so distinctly different that the bots can match the image just cause it is like none of the others?


Occlude: There have been a couple where the characters run of the edge. Intentional or not, I don't know. I have only seen on case where it made it hard to read and that was when the bottom of the lower row dropped off the edge.

3D: They all appear to start at 0 before a trough. Can the height and where the image starts in the crests and troughs be changed?

The rotation of the image. They are always lower left to upper right with slight variations in actual position. Perhaps all three axis can be given some more variance.

The pattern is always the same grid.

Disclaimer: Given my limited knowledge of OCR, I am sure there is some degree of deminishing returns on these ideas.

[Highway of Life]

Hmm... how about not reinventing the wheel...
http://sam.zoy.org/pwntcha/

Further reading:

CAPTCHA
This type of visual and textual verification comes at a huge price to users who are blind, visually impaired or dyslexic. Naturally, this image has no text equivalent accompanying it, as that would make it a giveaway to computerized systems. In many cases, these systems make it impossible for users with certain disabilities to create accounts, write comments, or make purchases on these sites, that is, CAPTCHAs fail to properly recognize users with disabilities as human.

----

Sites with attractive resources and millions of users will always have a need for access control systems that limit widespread abuse. At that level, it is reasonable to employ many concurrent approaches, including audio and visual CAPTCHA, to do so. However, it must be noted that human users will fall through the cracks in these systems, and it will be necessary for sites like these to ensure that users with disabilities will have some human-operated means of interacting with a given resource in a reasonable amount of time.

The widespread use of CAPTCHA in low-volume, low-resource sites, on the other hand, is unnecessarily damaging to the experience of users with disabilities. An explicitly inaccessible access control mechanism should not be promoted as a solution, especially when other systems exist that are not only more accessible, but may be more effective, as well. It is strongly recommended that smaller sites adopt spam filtering and/or heuristic checks in place of CAPTCHA.

As I said before, we are not trying to protect a Bank Vault, we are trying to protect our forum against SPAM bots while letting users of all abilities the ability to easily sign up on a forum.

[Yawnster]

How about mutliple images... I am unsure of exactly how captcha breaking programs work, but I am sure that will work by downloading the image at some point.. By splitting the image up into mutliple ones, only to piece them together later on would make it rather alot more annoying to try and break. espically if characters were split across the images if you get what I mean..

I am merely suggesting this, I know it would decrease performance alot but surely its a possibility?

Yawnster

[DavidMJ]

Yawnster: We actually did this in phpBB 2.0.x if the user did not have Zlib installed. Although it makes it more difficult for the computer, it would increase load times and load as well as introduces additional complexity to the way the CAPTCHAs load themselves.

Highway of Life: If you don't want to use the CAPTCHA, disable it. Last time I checked, it is currently disabled by default. I don't think you really understand the implications outside of mere spam, it is also a security issue. I also can't trust what this guy says if he can't beat some of the really simple CAPTCHAs that are very easy to break.

[Xore]

How about mutliple images... I am unsure of exactly how captcha breaking programs work, but I am sure that will work by downloading the image at some point.. By splitting the image up into mutliple ones, only to piece them together later on would make it rather alot more annoying to try and break. espically if characters were split across the images if you get what I mean..

I am merely suggesting this, I know it would decrease performance alot but surely its a possibility?

Yawnster

It's a nice idea, but i don't think it's really effective. It's trivial with imagemagick or other cli tools to splice the images together.

when you consider the effort of implementing a framework to do browser-based image tricks (high) versus the amount of difficulty this adds to someone writing a spambot (little) it seems that the ROI is nil