
Try my new CAPTCHA circle test

Started by akyhne, December 02, 2008, 10:51:21 AM


Akyhne

http://smf.e-debatten.dk/index.php?action=register (not a demo site, but feel free to register to try it out)

This is how the Cavecost CAPTCHA test works:

This extended CAPTCHA test adds an additional 2-4 fake letters to the normal 5 letters, in random order, each time the browser is opened on the registration page. Figures of different shapes are added above each letter, and for the fake letters the shape and color are shown in an additional CAPTCHA image:
Example:

In the image above, two fake letters have been added with a green # above them.
The fake code reads WCUEDKX
So the real code is WUEKX because the C and the D have a green # above them.

Pressing the "request another image" will recreate the CAPTCHA code WCUEDKX, but with other symbols above them and a new fake shape will be created in the image to the left and above the letter C and the letter D.

Example


So basically nothing is changed to the way the code is validated. Everything works like in a normal SMF CAPTCHA test, just with those fake letters in the code.



Added two extra captcha levels. This time it's not the shape test that is improved, but the CAPTCHA letters:


Medium level.


The hardest level. Not easy to read!




Issues:
I need to find a way that when the user clicks on "Request another image", the fake color needs to change also.
I'm also thinking of several random ways the user is told what letter (color) to skip. (not necessary with the new way the test works)
It happens - but rarely - that when clicking on "request a new image", the confirmation shape is wrong. It's a session problem and I don't seem to be able to find a way to solve this issue.

Edit: Attached the beta 1 for people to try it out. Use it at your own risk!!
Edit: Beta 2 attached
Edit: Beta 2 rev. 1 attached (adds two new levels of letters)
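
A sketch of the server-side state behind the scheme described in this post, added here as an illustration and not taken from the attached mod: one session record holds the shown code, the fake positions and the current markers, so the letter image and the confirmation image are always drawn from the same data. The alphabet, shapes, colours and all function names are assumptions.

```python
import hmac
import secrets

_rng = secrets.SystemRandom()
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ"            # assumed letter set
SHAPES = ("#", "o", "^", "*", "+")               # assumed marker shapes
COLORS = ("green", "red", "blue", "orange")      # assumed marker colours
MARKERS = [(s, c) for s in SHAPES for c in COLORS]


def redraw_markers(state):
    """'Request another image': same letters, new markers and a new fake marker."""
    fake = _rng.choice(MARKERS)
    others = [m for m in MARKERS if m != fake]
    state["fake_marker"] = fake                  # drawn in the second image
    state["markers"] = [
        fake if i in state["fake_pos"] else _rng.choice(others)
        for i in range(len(state["shown"]))
    ]
    return state


def make_challenge(shown, fake_pos):
    """Build the single session record both images are rendered from."""
    real = "".join(c for i, c in enumerate(shown) if i not in fake_pos)
    state = {"shown": shown, "fake_pos": frozenset(fake_pos), "real": real}
    return redraw_markers(state)


def new_challenge(real_len=5, min_fakes=2, max_fakes=4):
    """Random code: 5 real letters plus 2-4 fakes at random positions."""
    total = real_len + _rng.randint(min_fakes, max_fakes)
    shown = "".join(_rng.choice(ALPHABET) for _ in range(total))
    return make_challenge(shown, _rng.sample(range(total), total - real_len))


def validate(state, answer):
    """Unchanged check: compare the answer with the real code only."""
    given = answer.strip().upper().encode()
    return hmac.compare_digest(given, state["real"].encode())


# Constructed sample taken from the post: C and D (positions 1 and 4) are fake.
demo = make_challenge("WCUEDKX", {1, 4})
assert demo["real"] == "WUEKX" and validate(demo, "wuekx")
```
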

Akyhne


Charles Hill

I like to see new approaches to anti-spam.  Seems to work pretty well :)

How familiar are you with how spam bots actually function?  I've been trying to develop anti-spam stuff also.

Akyhne

I don't have a clue on how they work. But I know they are using OCR software somehow to - apparently - take a snapshot of the screen and then scan it for letters. So no matter how diffused you make the letters, I guess they at some point will solve the letters. Therefore this step to put fake letters into the captcha test.

Charles Hill

Well you wanna see my anti-spam?  You can't even really tell it's there unless you look at the page source.  http://degreesofzero.com/index.php?bc=post;article=30.0;comment;community

What I do is... I first generate a random string of letters and symbols (from a pool of symbols/letters).  Then add that string to the end of each input/textarea's name and then encrypt them.  So basically the end result is that all the html form field names are encrypted and change on every single page load.  I figure if the spam bots don't know which fields to post what in, that should maybe stop them.

edit---
sigh... the captcha image isn't loading apparently... no idea why... gotta figure this out

temporarily disabled the captcha requirement.  We'll see if any spam bots can post :D
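
The per-page-load field renaming described in this post, as an added sketch that is not the poster's code: it uses a keyed HMAC over a per-render nonce instead of the encryption the post mentions, and assumes the nonce is kept in the server-side session. The field list and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

FIELDS = ("name", "email", "comment")            # hypothetical form fields


def _alias(server_key, nonce, field):
    """Opaque, per-render name for one real field."""
    mac = hmac.new(server_key, f"{nonce}:{field}".encode(), hashlib.sha256)
    return "f" + mac.hexdigest()[:16]            # leading letter: safe as a name/id


def render_aliases(server_key, fields=FIELDS):
    """Call once per page load; store the nonce in the session (assumption)."""
    nonce = secrets.token_hex(8)
    return nonce, {f: _alias(server_key, nonce, f) for f in fields}


def decode_post(server_key, nonce, posted, fields=FIELDS):
    """Map submitted names back to real ones.

    Returns None when the submitted field names are not exactly the set
    issued for this page load, e.g. a bot posting to hard-coded names or
    to aliases scraped from an earlier render.
    """
    expected = {_alias(server_key, nonce, f): f for f in fields}
    if set(posted) != set(expected):
        return None
    return {expected[alias]: value for alias, value in posted.items()}


# Constructed demo: two renders of the same form get unrelated field names.
KEY = secrets.token_bytes(32)
nonce_a, names_a = render_aliases(KEY)
nonce_b, names_b = render_aliases(KEY)
form = {names_a[f]: f"value of {f}" for f in FIELDS}
assert decode_post(KEY, nonce_a, form)["email"] == "value of email"
assert decode_post(KEY, nonce_b, form) is None   # aliases from another render
```
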

borstein

Nice! I'd add a larger color swatch for matching.

Akyhne

Borstein: Larger color swatch?

Charles: I don't know if it has anything to say, but the square confirmation color is put in a random td of 5 td's that all change names on every reload. And the color is put into the square with JavaScript. So if they are reading from the source, they are not having any luck.
Besides, the 8 colors are made from random rgb values.
Unfortunately the first choice for creating the final image in the original code is .gif. I have no idea why.

Besides I thought of adding at least 3 methods of telling the color, so each time a person is registering, there will be a different confirmation of the right color.

The only issue with this captcha idea and why it should only be used when you are under large attack:  A lot of people are color blind!

Charles Hill

I had not even considered the color blind issue.  On a side note... I haven't gotten any spam comments yet in the blogging community on my site and I disabled the visual verification requirement... I'm going to leave it disabled and see if spam bots are ever able to post.

lax.slash

For color blind, you could have an audio clip saying "GREEN x BLUE y RED 1 LEAVE OUT: RED" I have no idea how the hell this would be accomplished... but just an idea! :) Also, are you planning to release this as a mod sometime?

hillrunr

Having a few family members who are color blind, that was my first thought also. I like lax.slash's idea to use the audio clip to tell colors, as well as what color to leave out if that would be possible.

Anything different than what's commonly used and not trivial to break will often be enough to hold the bots at bay. This would definitely be different than what's commonly used and it seems like it would add a whole new wrinkle to breaking it, making it very non-trivial.

Akyhne

Quote from: Charles Hill on December 03, 2008, 09:06:51 AM
I had not even considered the color blind issue.  On a side note... I haven't gotten any spam comments yet in the blogging community on my site and I disabled the visual verification requirement... I'm going to leave it disabled and see if spam bots are ever able to post.
The first friend I tried the test on was colorblind :(

Quote from: lax.slash on December 03, 2008, 10:28:50 AM
For color blind, you could have an audio clip saying "GREEN x BLUE y RED 1 LEAVE OUT: RED" I have no idea how the hell this would be accomplished... but just an idea! :) Also, are you planning to release this as a mod sometime?
Audioclip: Well, it would give trouble with foreign languages. Besides, you can hear the right letters by clicking the audio link.
Mod: I have no idea how to make a mod out of the code, and the code I made is deeply implemented into the original code. I don't even know if it will be possible to achieve.

Quote from: hillrunr on December 03, 2008, 11:37:25 AM
Having a few family members who are color blind, that was my first thought also. I like lax.slash's idea to use the audio clip to tell colors, as well as what color to leave out if that would be possible.

Anything different than what's commonly used and not trivial to break will often be enough to hold the bots at bay. This would definitely be different than what's commonly used and it seems like it would add a whole new wrinkle to breaking it, making it very non-trivial.
About color blind: I will be adding several ways to let people decide what letter is a fake.

lax.slash

OK, then what if you did letters without a curl in them, or letters without a block behind them?

Akyhne


hillrunr

I'm sure there are a million ways but one thought, maybe different shapes. "Leave out the letters with the circle/triangle/square over them."

lax.slash

Quote
I'm sure there are a million ways but one thought, maybe different shapes. "Leave out the letters with the circle/triangle/square over them."

Yeah, that's what I meant. Like every letter has a circle or something behind it, except for the ones that should be excluded. Or, every letter is written in one font, and the excluded letter is in another obviously different font.


Akyhne

Hmm, I can see I'm having a visit from a spammer. Let's see if he gets through. I'm only using medium level of captcha test.

Akyhne

Thinking about it, adding just one fake letter is not enough. As the bot has 3 chances to remove a letter, the real chance is 1:2.
Adding one more fake letter will decrease the chance to 1:10

Akyhne

I have now added a second letter to the captcha test. So now the user must deselect two letters out of 7. Besides, shape and color are now also changing when requesting a new image.


For now the two letters are with the same shape and color but that is easily solved. However there is still a huge trouble I have to solve. Help is needed!!

When I click "Request another image", I don't know how to get the new shape and color to the browser. I think the only possibility is via Ajax, but I know nothing about Ajax. Any help?

Akyhne

I have been home from work all day with an infected eye, so I had plenty of time to follow who visited the site. There were a lot of visitors and a lot of spammers there, but no one got through. This is not surprising as it is a new kind of test.
However I was surprised to see that many spammers visiting the site, so I guess some of the spammer developers are in this forum.
I was going to say something not nice to you spammer guys, but I better not. Instead read the "Spammers wanted" here: http://coppermine-gallery.net/
