Skip navigation
Currently Being Moderated

recaptcha?

May 1, 2012 2:21 PM

Tags: #google #captcha

The captcha being served with my site is not at all secure. Is it possible to integrate recaptcha?

 
Replies
  • Liam Dilley
    6,719 posts
    Feb 28, 2012
    Currently Being Moderated
    May 1, 2012 2:50 PM   in reply to kenneth_rapp

    Hi Kenneth,

    No you can not add another captcha system

     

    May I ask why you think the BC captcha is not secure?

     
    |
    Mark as:
  • Liam Dilley
    6,719 posts
    Feb 28, 2012
    Currently Being Moderated
    May 1, 2012 3:42 PM   in reply to kenneth_rapp

    OCR screen reader attacks are not that common yet and I do not believe there has been any verified and confirmed breaking of the current captcha version.

     

    To that if you also view the source there is also a honeypot method implementation as part of that captcha. If you used the firefox addon developer toolbar now and tried to auto fill a form, the form will not submit.

    Further to that the form action has had a number of improvements to verify things like location, referrer etc as well.

     

    You can also modify and change the background colour and text colour if you wish:
    http://kb.worldsecuresystems.com/478/bc_478.html#main_Adding_an_Image_ Verification__CAPTCHA__field

     
    |
    Mark as:
  • Currently Being Moderated
    May 1, 2012 6:32 PM   in reply to kenneth_rapp

    I'd be interested to know how much is getting through. For the amount of sites we have that use the BC Captcha it does a tremendous job at keeping things at bay.

     

    If you want to obscure it a bit more you could always change the text/background colours to something that's a bit harder to read, but it doesn't make it so usable for users:

     

    http://www.directfusion.com.au/_blog/Resources/post/Captcha_Image_Colo urs/

     
    |
    Mark as:
  • Liam Dilley
    6,719 posts
    Feb 28, 2012
    Currently Being Moderated
    May 1, 2012 6:30 PM   in reply to kenneth_rapp

    I also just personally hate captcha that is to hard to read, puts me off filling in the form.

     
    |
    Mark as:
  • Liam Dilley
    6,719 posts
    Feb 28, 2012
    Currently Being Moderated
    May 1, 2012 9:00 PM   in reply to kenneth_rapp

    Not the case Kenneth,

    Everyone hates them and the sites that do not have them and use other methods are a god send.

    4 nice images - "Select the cat" For example are other methods, which are far nicer to use and are full proof.

     

    Because it is hard for the user does not make it more secure though

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 4, 2012 4:53 PM   in reply to kenneth_rapp

    Hard to find anything 100% -- and doing something on a web form to make sure a human is responding will fail if... a human responds.

     

    New York Times had an article a couple of years ago about spammers paying people in super-poor areas to view and respond to the CAPTCHAs... see http://txzz.com/7f -- excerpt below:

     

    "Sophisticated spammers are paying people in India, Bangladesh, China and other developing countries to tackle the simple tests known as captchas, which ask Web users to type in a string of semiobscured characters to prove they are human beings and not spam-generating robots.

    The going rate for the work ranges from 80 cents to $1.20 for each 1,000 deciphered boxes, according to online exchanges like Freelancer.com, where dozens of such projects are bid on every week."

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 7, 2012 7:09 AM   in reply to FriscoTX

    Agree with FriscoTX, there is no 100% fully proofed spam protection. the captcha is made for lazy spammers and robotic spam applications.

     

    The only solution and REALLY ONLY which is a Million% fully proofed is to HOPE that you don't get a lot of spams

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 13, 2012 7:39 AM   in reply to kenneth_rapp

    I'm not disagreeing with you at all, I'm just saying that there isn't a 100% accurate and secure way. I can even confirm my agreement with you in this subject, because from the captcha problem, it leads to this issue:

     

    http://forums.adobe.com/message/4458157#4458157

     

    I suggested few times to use captcha to stop getting Adobe's servers Blacklisted, but probably the issue comes from the weakness of the captcha in the first place.

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points