Do you Need Captcha?

Dear Captcha, I'm a human
To protect online submission forms from spam bots and other auto-posting programs, webmasters often use captcha. Even though it keeps the simplest of those programs and bots out, it also prevents a lot of real people from commenting or sending a contact message.

Captcha stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”, and now you know why no one refers to Captcha by its full name! It’s also called a Turing Test or reverse Turing test, but again, most people just know it as Captcha. Most commonly, the user is shown some garbled text and is supposed to type that text into a box and submit it, just to prove that they are really human.

The problem with Captcha is that sometimes the characters are really difficult to read, particularly for people with impaired vision. Typically, if the Captcha is too difficult to read, a person might just click the back button. For example, on those “report broken link” links you often see in software directories, I give up sending the report if the Captcha is too hard to read. I’m pretty sure most people just give up too – their time is too valuable to spend struggling with a Captcha.

Now the webmaster could make the Captcha easier, but, using standard Linux tools like GD, simple Captchas can be easily hacked. Actually, now even medium-hard ones are being hacked. But it gets worse. India and Pakistan now have data centers dedicated to solving Captchas. A spammer can now buy code and an API through which his software can send the Captcha image to one of those data centers, where a real human will solve it. It only costs a measly $1 or $2 per 1,000 Captchas solved. Surprising, yes?

Although Captchas will keep out amateur hackers, serious spammers are not deterred. All the while, real humans who want to contribute real and valuable “content” to the site are kept out by the hundreds.

Other forms of Captcha are beginning to appear.

  • The math solving Captcha: this one shows the user a simple math problem (3+20 =) and he has to fill in the answer. This is not worth much, since it is easily solved with GD.
  • The color Captcha: this one uses different colors. You are shown various letters, some in one color and some in other colors, and you must only type the blue ones for example. If the characters to ignore are black and some are in the chosen color, this is also easily solved with GD. All a hacker has to do is select the non-white part (all the letters) of the image, place it on a black background (black letters will no longer be visible) and then OCR the remaining image.
  • The attractive people Captcha: The most amusing and perhaps the most promising one is the Captcha where you have to select the 3 most attractive people from an image of 9 people. Although different cultures and individuals have different tastes, it’s pretty simple to get it right on the first try. It’s also the more difficult one to hack, although statistical analysis might have a crack at it.

None of these, however, will withstand the Pakistani or Indian cheap-labor hack…

My suggestion: there are plenty of free Captcha plugins available. Implement an easy and maybe fun type of Captcha but one that is hard to solve with image manipulation software like GD. This will keep the wanna-be spammers out, and keep your users happy.