Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Captcha Alternative, how secure?

Tags:

captcha

I do the web page for my local library, and I was thinking it might be kind of appealing to have a "custom" captcha based on book covers. So serve up one of several dozen book covers, and have the patron filling out the form type the book title to prove they're human. Assuming I stripped the title/author info from the image and filename, would that be enough? Would the fact that it was a unique system on a fairly small website be enough to make it effective? Just how tricky are the spam bots these days? Would having the image name be the ISBN # be too obvious?

Here is a sample cover:

Prove You Are Human
(source: mfrl.org)

like image 891
aslum Avatar asked May 02 '10 19:05

aslum

People also ask

Which is the most secure CAPTCHA?

ReCAPTCHA. Not to be confused with the RECAPTCHA reboot, ReCAPTCHA is one of the most popular CAPTCHA security alternatives. The solution uses scanned text and audio that an optical character recognition technology wouldn't interpret.

Is CAPTCHA secure enough?

Is CAPTCHA the perfect solution. No, it doesn't. For one, although Google's new system is supposed to be quite effective against automated bots, some hackers still reckon that they can organize an attack with a respectable success rate.

Can reCAPTCHA be hacked?

A reCAPTCHA isn't so much hacked as much as it is gamed. ReCAPTCHA farms and advanced bots can easily bypass both reCAPTCHA v2 and v3, because the former use humans to solve CAPTCHAs and the latter are crafty enough to seem so human the reCAPTCHA never suspects a thing.

2 Answers

You need to make it difficult for an OCR system to read the text. Otherwise the spam bot will easily get through your captcha, without any customisation from a human spammer.

That's why you see funny XORing, noise and distortion on most captchas these days.

As a matter of principle, it makes sense to NOT base the image name on something that can be looked up, although in the case of a local library, chances are low that any spammers will be writing custom scripts to defeat your captcha...

like image 87
Rob Fonseca-Ensor Avatar answered Oct 20 '22 00:10

Rob Fonseca-Ensor

Try, jQuery and html version from this: Practical non-image based CAPTCHA approaches?

like image 31
Chris Avatar answered Oct 20 '22 01:10

Chris
Sign in to Comment

Related questions

How to acceptance test captcha-protected web application functionality?
codeigniter captcha helper is not increasing text font size
Primefaces Captcha disappears or doesn't update/refresh on invalid input?
Captcha fails to prevent spam submission
reCAPTCHA vs other captcha systems
Can we have one click recaptcha only - not the picture puzzle captcha after it
How can I prevent automatic form submission by bots?
Integrating google reCaptcha into an existing payment form
Numeric Captcha for PHP
google recaptcha returns false due to "invalid-input-secret"
Facebook Share dialog always shows Captcha only on Android
Capcha always show incorrect
Captcha control not working with url-routing (ASP.NET 4.0 WebForms)
iframe element missing from selenium
execute code AFTER Recaptcha.reload() is finished

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!