What is the Best CAPTCHA to Prevent Spam?

CAPTCHA’s may seem like an inconvenience for a web surfer, but for a website owner they are an invaluable tool. This security mechanism serves to protect websites from SPAM content by posing a challenge response test only a human being could answer. Below we will not only take a look at the different types of CAPTCHA’s available, but we will also look at how they perform, ease of implementation and just how effective each one is.

What is a CAPTCHA?

A CAPTCHA is a challenge-response test that is designed to determine whether a web user is human or whether they are a “bot.” Bot’s are automated “robots” that spammers utilize to promote links and websites for profit. These automated robots are able to drop promotional links at a much faster speed than a human being coul, most often by utilizing commenting systems on blogs and websites. CAPTCHA’s are designed to prevent this link dropping by asking intelligent questions that require human intelligence to answer. They do not always ask questions and in some cases they simply require a user to decode a set of characters from an image and repeat them in an input field.

When a user correctly answers the CAPTCHA question or correctly decodes the characters from an image, the desired response is achieved. For example, a comment is posted to a blog or a form is submitted. When a CAPTCHA is entered incorrectly, the user is given a second opportunity to input the correct answer or the correct character string. If an incorrect answer is given multiple times, the site will not allow the user to complete the desired action.

Why Are They Important?

For website owners, CAPTCHA’s are an invaluable tool. Websites would be bombarded with SPAM comments and posts on their blogs, forums and websites without a CAPTCHA. SPAM comments are not only inconvenient, but they can be distracting to website visitors and at times destructive. Often spammers can utilize links in comments to install malware, spyware and malicious toolbars that make them profit, but severely impact a user’s ability to use their computer normally.

By implementing CAPTCHA’s, website owners decrease the speed at which spammers can drop their links in comments. This interruption in comment dropping or posting deters spammers from posting on websites because it becomes less cost effective for them and requires manual posting rather than automated posting.

What Types of CAPTCHA’s Are Available?

reCAPTCHA

The reCAPTCHA process has been built by Project Gutenberg – the people responsible for digitizing as much literary content as they can. Project Gutenberg utilizes a software solution that scans text using a text recognition software and records the information that is scanned. In some instances however, words are smudged or unreadable. When the system runs in to these snippets of text that it deems unreadable, it passes these sections of text to reCAPTCHA. The benefit to this system is that the information that is being passed on to the reCAPTCHA system is information which has already defeated one text recognition software. To make recognition of these text snippets even more difficult, the software also warps the text snippets it displays to make them even more difficult for computers to decipher by automated systems. Additionally, the system also mixes in words that have been interpreted with those that have not been.

Hidden CAPTCHA

Website owners would set up a specific question that is virtually answerable (i.i. How many gallons is in the ocean?). The CAPTCHA will remain hidden from users view. The reason this works is that if you offer an input box on a webpage, bots will fill it in before posting the form. By having the hidden CAPTCHA that bots will try to answer, it will block the spammers.

Text CAPTCHA

This module doesn’t use visual or auditory challenges, but instead uses logical questions with a list of appropriate answers. This is a good alternative if the website owner is concerned about the users of the website having issues reading traditional CAPTCHA’s

Egglue Semantic CAPTCHA

This is another alternative to the traditional CAPTCHA module. Users are prevented two sentences, each missing one verb. The user must input the correct verb that will make intuitive sense.

CAPTCHA Riddler

This module allows website administrators create their own unique questions. What is cool about this module is that administrators can create questions that match the personality of the website.

Draggable CAPTCHA

This asks users to pick the correct shape and drag it into an empty slot. For instance, there will be four shapes shown in color. There will be a grayed out shape next to these four, and only one of the four shapes will fit into the gray area.

How Do CAPTCHA’s Work?

The Image and Generating Code

This section of the CAPTCHA refers to the computer generated image that is going to be displayed. Most often this image is swirled or distorted in some way to make it more difficult to read. Some examples of this type of distortion include a background and letters or numbers that are a different color or letters that are distorted in appearance.

A Form Field

The form field is a necessary part of the CAPTCHA since it is where a website visitor will type the CAPTCHA. This form field is directly connected to the CAPTCHA that is being displayed on your website through code. This function allows for users to type the characters that they see and compare them to the characters displayed and submit them.

A Code Checker

Once the form field has been submitted, the information within that form is then checked against the CAPTCHA. If the code submitted from the CAPTCHA is correct then the form is submitted correctly or the person is sent to CAPTCHA protected pages. If the form is incorrect then the verification code generates an error and has the user refresh their browser and try again.

Deciding Which Design Is Right for Your Needs

There are a number of things to take in to consideration when it comes to choosing which of the above listed CAPTCHA’s is right for your personal needs. Your primary concern should be whether you can financially manage the CAPTCHA system you choose. While some of these security suites come free of charge, others may require a fee for installation and operation.

It is also prudent to assess what type of audience may be looking to threaten your website based upon who you are or the information that you provide through your website. This will help you to determine what level of security you need for your website to keep these people away. Knowing this will also help you to determine how expensive your CAPTCHA is going to be as well since the more customized options are going to cost more.

Difficulty and Concerns

While CAPTCHA’s are designed to make the lives of website owners easier, there are certain groups of people for whom CAPTCHA’s make life more difficult. These individuals include those who are blind or partially sighted, those who are color blind, the dyslexic, the elderly and people with intellectual or developmental disabilities. If you have a website catering to these groups you may want to reconsider the use of CAPTCHA. It should be noted that in recent years changes have been made to allow for audio CAPTCHA’s. While this adaptation allows for some groups to better use CAPTCHA’s, it still does not open the door for those who are deaf blind or for those that utilize text based browsers.

In some instances certain aspects of the CAPTCHA can be edited to make it more easily readable for the reader. Editable aspects include the size of the font, the background color of the font, the thickness of lines and the angle of the font.

Implementation

Implementing a CAPTCHA on your website is a great step towards securing your data; however, it is important that you understand that not all CAPTCHA’s work the same way. Some come in the form of simple to install plug-ins and require only a few tweaks to complete installation. Other CAPTCHA’s are a little more complex to implement, but regardless of which you choose, all come with detailed instructions on installation and activation. You will likely be able to use the more simple CAPTCHA’s with just minimal technical knowledge, but if you are looking to use something a little more complex you may want to seek professional assistance with implementation.

How Do CAPTCHA’s Trick Bots?

Bots are designed to rely on artificial intelligence. These programs look through the web to find email addresses to “scrape,” or forms to spam; however, they are not as reliable as human eyes. This means that when a bot runs in to a CAPTCHA it has a much more significant degree of difficulty in interpreting the data it’s seeing. Where some scripts are able to recognize images through the use of algorithms and extract email addresses from HTML, CAPTCHA’s are much more difficult for bots to read. They utilize random lines and distortions to change the appearance of the traditional number or letter which makes it difficult to bypass this security mechanism.

Pros And Con’s of Using a CAPTCHA

Pros

• There is one significant pro, it greatly reduces the number of spam comments received. Additionally, it reduces the amount of spam email received when it is combined with a contact page rather than simply listing a contact email address.

Cons

• Very frequently the distortion to letters and numbers on images is severe enough that some people have difficulty reading it too.
• Neglects to address some groups of individuals with disabilities that prevent them from using the service.

What Does the Term CAPTCHA Mean?

• Completely
• Automated
• Public
• Turing test to tell
• Computers and
• Humans
• Apart

Sure, it’s a clumsy acronym, but it explains itself quite well. It may be helpful to know here that Turing refers to Alan Turing who was an English mathematical genius seen by many to be the father of computer science.

Where Can CAPTCHA’s be Found?

The scripts and programs responsible for placing CAPTCHA’s on websites are becoming more main stream and are often built in to programs and blogging platforms. When these are built in to other platforms they are generally easy to install and use and require no additional installation of a second plug-in or script. If, however, you find yourself looking for a CAPTCHA script to add on to an existing service or website, then you will want to look in to installing a script on your server. Depending upon the security you need on your site, you will want to examine the level of security each script offers. There are many free CAPTCHA scripts to be found as well as paid scripts and programmers who can create custom scripts based on your needs. It is important to remember, that if you need assistance installing a CAPTCHA script then you will need to pay an hourly fee to a contractor unless your web server has a technical support service.

Are These Scripts Infallible?

No CAPTCHA script is infallible – at least it isn’t for long. The point is to slow down the spam process to make it inefficient to target a site that uses this security mechanism. As time progresses, the companies that manufacture CAPTCHA scripts are learning how bots work and gradually making the scripts more difficult to crack.

So what is the Best CAPTCHA?

The best CAPTCHA will always depend on the particular website and what the demographic of the users is. If you are looking for one of the better CAPTCHA’s currently on the market, and you don’t feel like many of your users are elderly or seeing impaired, we recommend reCAPTCHA, as it uses a combination of recognizable and unrecognizable type that bots have a difficult time reading. We also love how it helps to make thousands of books digital.