Mar 14, 2008

Enhanced Numbered Equation CAPTCHA – Killing Web Spam – Part 2


CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is arguably one of the best ways to knock out the majority of the spam you receive. It has become popular with web 2.0 applications, so much so that it is now widely used, and spammers have found they need to crack it. If you can create a new and unique CAPTCHA, however, you'll be a lot safer than everyone else, who tend to use the same script site after site.

About a year ago I tried a simple addition script. If you didn't enter the right result of the simple query, it would error. This actually works pretty well for me and most others right now, especially since such scripts have evolved to change the numbers used in the addition after each refresh. When I use something like this I get even less spam slipping through. So I took the addition script a step further. Why? Because a single number can easily be copied over by a script, and because not all servers I've worked with have ImageMagick and/or the GD library installed.

In about 15 lines I came up with a function that dynamically generates two numbers and draws from an array of signs/words/symbols to tell your users which operation to apply, in several different ways. Just add more entries to make it a bit more complex for spammers. You can also mix it up by inserting random characters between the letters of a word: "Plus" or "P-L-U-S" or "P+L+U+S".

  //USAGE: $answer = numbercaptcha();
  //****** Call this between <form></form>
  //****** $_POST will contain $_POST['number']
  //****** The POST arrives in a later request, so store $answer server-side
  //****** (e.g. in $_SESSION) and compare $_POST['number'] against it there.
  //****** Never echo $answer into a hidden field: a bot can read it back.
  //OPERATORS: Add additional $operators to the array for more variation
  function numbercaptcha() {
    //Set first and second num rand(min,max); first > second keeps the
    //subtraction result positive
    $firstnum = rand(5,8);
    $secondnum = rand(1,4);
    $coinflip = rand(1,2) % 2; //Picks a random equation type (0 add, 1 subtract)
    if($coinflip == 0) {
      $math = $firstnum + $secondnum;
      $operators = array("+","Added To","Plus");
      $operatorschoice = rand(1,3) % 3; //index 0..2
    } else {
      $math = $firstnum - $secondnum;
      $operators = array("-","Minus");
      $operatorschoice = rand(1,2) % 2; //index 0..1
    }
    echo $firstnum . " " . $operators[$operatorschoice] . " " . $secondnum . " = <input type=\"text\" name=\"number\" maxlength=\"2\" size=\"5\">";
    return $math;
  }
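The function above returns $math to the request that renders the form, but the comparison happens when the browser POSTs, which is a separate request, and the post does not say where $answer lives in between. The following is an added example (not the post's own code) of the same challenge with the answer kept in $_SESSION, given a lifetime, and consumed on first use so a bot cannot replay one solved challenge. The session key name, the 300-second lifetime, the obfuscated spellings and the use of random_int() (PHP 7.1+) are my additions, not anything from the post.

```php
<?php
// Added example, not the post's code: numeric challenge bound to the session.
// CAPTCHA_KEY and CAPTCHA_TTL are assumed names/values for illustration.

const CAPTCHA_KEY = 'numbercaptcha';
const CAPTCHA_TTL = 300; // seconds a challenge stays valid (assumed)

/**
 * Generate a challenge, remember its answer server-side, and return the
 * HTML to echo inside the <form>. random_int() is a CSPRNG, so operands
 * cannot be predicted from earlier challenges the way rand() output can.
 */
function numbercaptcha_challenge(): string
{
    $first  = random_int(5, 8);
    $second = random_int(1, 4); // always < $first, so "minus" stays positive

    // Spellings a human reads easily, including the "P-L-U-S" trick from
    // the post. Each entry is [display text, correct answer].
    $variants = [
        ['+',         $first + $second],
        ['Plus',      $first + $second],
        ['P-L-U-S',   $first + $second],
        ['Added To',  $first + $second],
        ['-',         $first - $second],
        ['Minus',     $first - $second],
        ['M-I-N-U-S', $first - $second],
    ];
    [$word, $answer] = $variants[random_int(0, count($variants) - 1)];

    // Overwrite any earlier challenge: one outstanding challenge per session.
    $_SESSION[CAPTCHA_KEY] = ['answer' => $answer, 'issued' => time()];

    return sprintf(
        '%d %s %d = <input type="text" name="number" maxlength="2" size="5">',
        $first,
        htmlspecialchars($word, ENT_QUOTES),
        $second
    );
}

/**
 * Verify the submitted answer. The stored challenge is removed whether or
 * not the answer is right (single use), and a stale challenge is rejected.
 */
function numbercaptcha_verify(?string $submitted): bool
{
    $challenge = $_SESSION[CAPTCHA_KEY] ?? null;
    unset($_SESSION[CAPTCHA_KEY]); // consumed on first use, right or wrong

    if ($challenge === null || $submitted === null) {
        return false;
    }
    if (time() - $challenge['issued'] > CAPTCHA_TTL) {
        return false;
    }
    $submitted = trim($submitted);
    // Digits only, then strict integer comparison ("7", not "7abc").
    return ctype_digit($submitted) && (int) $submitted === $challenge['answer'];
}

// In a real page (assumes session_start() ran on both requests):
//   GET  : echo numbercaptcha_challenge();
//   POST : if (!numbercaptcha_verify($_POST['number'] ?? null)) { /* reject */ }

// Stand-alone run from the command line: php numbercaptcha.php
if (PHP_SAPI === 'cli') {
    $_SESSION = [];  // no real session handler on the CLI
    $html   = numbercaptcha_challenge();
    $answer = $_SESSION[CAPTCHA_KEY]['answer'];
    echo $html, "\n";
    echo 'first try  : ', var_export(numbercaptcha_verify((string) $answer), true), "\n";
    echo 'second try : ', var_export(numbercaptcha_verify((string) $answer), true), "\n";
}
```

Run from the command line, the first verification succeeds and the second fails, because the challenge was deleted from the session on the first call. On a live site, the answer never leaves the server; the only thing the client sees is the equation text, which is exactly the part a script can still read.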

Nothing is foolproof; this can be cracked too. But it will get you past the typical bot or "script kiddie" that wants to spam your site, and it is more of a headache than the pros want to deal with. When this gets beaten and spammers have automated their way around my method, I have another plan in mind. That's another day, however.
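To make "this can be cracked too" concrete, here is the spammer's side of the exchange: an added example, not the post's code, that takes the markup numbercaptcha() prints and computes the answer. The sample challenge strings are constructed to match that output, and the spelling table is my assumption covering the words used on this page.

```php
<?php
// Added example, not the post's code: solving the text equation by script.
// The $samples below are constructed to look like numbercaptcha() output.

/**
 * Return the numeric answer for one challenge, or null if the markup does
 * not contain a "<n> <operator text> <m> =" pattern.
 */
function solve_numbercaptcha(string $html): ?int
{
    // Pull "number, operator text, number" out of whatever precedes the "=".
    if (!preg_match('/(\d+)\s+(.+?)\s+(\d+)\s*=/', $html, $m)) {
        return null;
    }
    $a  = (int) $m[1];
    $op = $m[2];
    $b  = (int) $m[3];

    // Normalise the operator: if it contains letters, keep only the letters,
    // so "Plus", "P-L-U-S", "P+L+U+S" and "Added To" all collapse to one key.
    // A bare symbol ("+", "-") is used as-is.
    $letters = preg_replace('/[^a-z]/i', '', $op);
    $key = $letters !== '' ? strtolower($letters) : trim($op);

    // Assumed spelling table; extend it and the bot keeps working.
    $table = [
        '+' => '+', 'plus' => '+', 'addedto' => '+', 'add' => '+', 'and' => '+',
        '-' => '-', 'minus' => '-', 'less' => '-', 'takeaway' => '-',
    ];
    if (!isset($table[$key])) {
        return null; // unknown spelling: the only thing that stops this script
    }
    return $table[$key] === '+' ? $a + $b : $a - $b;
}

// Constructed samples in the shape numbercaptcha() prints, paired with the
// answer a human would type.
$samples = [
    ['7 + 3 = <input type="text" name="number" maxlength="2" size="5">', 10],
    ['8 Added To 1 = <input type="text" name="number" maxlength="2" size="5">', 9],
    ['6 P-L-U-S 4 = <input type="text" name="number" maxlength="2" size="5">', 10],
    ['5 P+L+U+S 2 = <input type="text" name="number" maxlength="2" size="5">', 7],
    ['8 Minus 3 = <input type="text" name="number" maxlength="2" size="5">', 5],
    ['7 - 1 = <input type="text" name="number" maxlength="2" size="5">', 6],
];

$failures = 0;
foreach ($samples as $sample) {
    [$html, $expected] = $sample;
    $got = solve_numbercaptcha($html);
    printf("%-8s %s\n", $got === $expected ? 'solved' : 'MISSED', strip_tags($html));
    if ($got !== $expected) {
        $failures++;
    }
}
exit($failures === 0 ? 0 : 1);
```

One regex strips the "P-L-U-S" padding, so inserting characters between letters buys nothing against a script written for this form; what it does cost is a few seconds of a spammer's time to add your spelling to the table. That is the real protection here, and it is the same uniqueness argument the author makes: the bot has to be written for your site specifically, and most are not.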

For now, I've found the key to avoiding spam is to stay away from typical CMS and/or forum systems that contain predictable code, among several other cookie-cutter setups. This definitely isn't a solution for most of you. But if you implement this code, or something like it, in the places that matter, something unique, you can break a spammer's script by keeping your site outside a spammer's typical expectations.

Also, a friend mentioned the addition/subtraction might be too hard for users and you'll lose comments/email. Maybe you're considering that too? I have to question the quality of a user who is leaving you a comment or sending you an email if they can't add or subtract single-digit numbers. Though you could increase the difficulty by widening the rand(min,max) ranges and throwing in some long division. That might be overkill :).

If you're keeping up with the spam series, you might want to check out my last post: 5 Ways To Catch And Prevent Website Form Spam – Part 1. I updated the second block of code on that page to check the referring URL to prevent form abuse.


Custom Theme by Rob Malon | Content & Design © 2010 - RobMalon.Com - Chicago, Illinois