Having trouble using Google's ReCaptcha?
That's O.K! I had trouble too. That's why I created CFCAPTCHA.
With CFCAPTCHA, spam prevention is as easy as 1, 2, 3!
Step 1: Image embed!
Change mysite.com to your domain.
<img src="http://www.cfagency.org/captcha/img.php?domain=mysite.com" />
Step 2: Have user input code.
<input type="text" name="captchaCode" />
Step 3: Validate user input!
Check the md5 signature of the user's input against the ckey cookie.
if (md5($_POST["captchaCode"]) == $_COOKIE["ckey"]) {
    // go on
}
else {
    die("Incorrect code!");
}
Also, to use custom text, embed this image: http://www.cfagency.org/captcha/text.php?text=your%20text%20here
Last edited by GeonoTRON2000 (2012-05-10 10:27:27)
Offline
Nice. I checked out a few of the codes it makes and most of them are easier than ReCaptcha, etc, but every once in a while I got one like this:
If I look really close, I can see an F there, but it's nearly invisible.
Offline
The letters could be easily spotted by an OCR...
Offline
LS97 wrote:
The letters could be easily spotted by an OCR...
This. They're not different or obscured enough.
Offline
veggieman001 wrote:
LS97 wrote:
The letters could be easily spotted by an OCR...
This. They're not different or obscured enough.
Easily fixed.
I added some ellipses and set the line thickness to 5.
Also, I made a black and white version.
Offline
Found another problem, actually two and I'm afraid this one is pretty serious.
1. First, you can just press Back and try the same CAPTCHA again. Convenient for me, but it also gives a spammer unlimited tries. This shouldn't be too hard to prevent but...
2. Since the ckey cookie is on my computer, I can change it to anything I want! For example if I change it to "445a0aadad9b9505d6277348cd05da2c" and answer "SCRATCH", that will be accepted as correct.
Offline
ManaUser wrote:
Found another problem, actually two and I'm afraid this one is pretty serious.
1. First, you can just press Back and try the same CAPTCHA again. Convenient for me, but it also gives a spammer unlimited tries. This shouldn't be too hard to prevent but...
2. Since the ckey cookie is on my computer, I can change it to anything I want! For example if I change it to "445a0aadad9b9505d6277348cd05da2c" and answer "SCRATCH", that will be accepted as correct.
1. Easy to fix, just add an onload to the body element which reloads the image.
<script type="text/javascript">
// Reload the CAPTCHA image by giving its URL a fresh cache-busting "t" parameter.
function imgReload(img) {
    var thSrc = img.src;
    // Strip a "t" parameter left over from an earlier reload
    if (thSrc.indexOf("&t=") != -1)
        thSrc = thSrc.substr(0, thSrc.indexOf("&t="));
    if (thSrc.indexOf("?t=") != -1)
        thSrc = thSrc.substr(0, thSrc.indexOf("?t="));
    // Append a new one, using "&" only if a query string is still present
    if (thSrc.indexOf("?") != -1) {
        thSrc += "&t="+Math.ceil(Math.random()*10000);
    }
    else {
        thSrc += "?t="+Math.ceil(Math.random()*10000);
    }
    img.src = thSrc;
}
</script>
</head>
<body onload="imgReload(document.getElementById('captchaIMG'));">
2. Can't help you there, unless you have some idea of how to fix this.
Offline
Make it not be on the user's computer.
Offline
veggieman001 wrote:
Make it not be on the user's computer.
Perhaps a text file?
Offline
I don't know but don't store it in a cookie where it easily can be changed.
Offline
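A sketch of the "keep it off the user's computer" approach suggested above, as an added example that is not part of the original thread: the expected answer stays in a server-side store under a random ID and is deleted on the first check, which also stops the Back-button retry. The function names and the in-memory array standing in for a session, file or database are assumptions, and it assumes the code that issues the challenge and the code that checks it run on the same server.

```php
<?php
// Added example, not code from the thread. $store stands in for whatever
// server-side storage is used (session, file, database); names are hypothetical.

// Create a challenge: keep the answer on the server, give the client only an ID.
function issue_challenge(array &$store, string $answer, int $ttl = 300): string
{
    $id = bin2hex(random_bytes(16));      // unguessable challenge ID
    $store[$id] = [
        'answer'  => $answer,
        'expires' => time() + $ttl,
    ];
    return $id;                           // this, not the answer, goes to the client
}

// Check a submission. The challenge is deleted on the first attempt, right or
// wrong, so retrying the same image after pressing Back cannot succeed.
function verify_challenge(array &$store, string $id, string $input): bool
{
    if (!isset($store[$id])) {
        return false;                     // unknown, already used, or made-up ID
    }
    $challenge = $store[$id];
    unset($store[$id]);                   // single use

    if (time() > $challenge['expires']) {
        return false;                     // challenge too old
    }
    return hash_equals($challenge['answer'], $input);
}

// Constructed demonstration
$store = [];
$id = issue_challenge($store, 'SCRATCH');
var_dump(verify_challenge($store, $id, 'WRONG'));      // first attempt, wrong answer
var_dump(verify_challenge($store, $id, 'SCRATCH'));    // retry of the same challenge
$id2 = issue_challenge($store, 'SCRATCH');
var_dump(verify_challenge($store, $id2, 'SCRATCH'));   // fresh challenge, right answer
var_dump(verify_challenge($store, str_repeat('0', 32), 'SCRATCH')); // ID the server never issued
```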
For the second issue, there's an easy fix.
You can append a secret password to the two strings to be checked. Since md5 is not reversible, nobody will be able to crack it.
Let me make an example, in the case of the word SCRATCH:
- set the cookie to md5('SCRATCH' . 'secretpassword')
- when the user submits the form, check if
cookie == md5(captchaCode . 'secretpassword')
Trust me, it works, and if you make the pass long enough, it's uncrackable.
Offline
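The keyed check described above, next to the check from the first post, as an added example that is not part of the original thread. It uses hash_hmac() with SHA-256 and hash_equals() in place of md5() over the concatenated string, and adds an expiry time to the signed value; the function names, the token layout and the secret are assumptions, and it assumes the code issuing the cookie and the code checking it hold the same secret.

```php
<?php
// Added example, not code from the thread. Names, token layout and the
// secret value are hypothetical.
const CAPTCHA_SECRET = 'replace-with-a-long-random-secret'; // server-side only

// The check from the first post: the cookie alone decides what is "correct".
function check_original(string $input, string $cookie): bool
{
    return md5($input) == $cookie;
}

// Issue a cookie value "expiry.mac"; the MAC covers the answer and the expiry.
function make_token(string $answer, int $ttl = 300): string
{
    $expires = time() + $ttl;
    return $expires . '.' . hash_hmac('sha256', $expires . '|' . $answer, CAPTCHA_SECRET);
}

// Recompute the MAC from the submitted answer and compare in constant time.
function check_keyed(string $input, string $cookie): bool
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                     // malformed cookie
    }
    [$expires, $mac] = $parts;
    if (time() > (int) $expires) {
        return false;                     // token too old
    }
    $expected = hash_hmac('sha256', $expires . '|' . $input, CAPTCHA_SECRET);
    return hash_equals($expected, $mac);
}

// Constructed demonstration
$selfMade = md5('SCRATCH');               // a cookie value the client wrote itself
var_dump(check_original('SCRATCH', $selfMade));
var_dump(check_keyed('SCRATCH', $selfMade));
$issued = make_token('SCRATCH');          // a cookie value the server issued
var_dump(check_keyed('SCRATCH', $issued));
var_dump(check_keyed('OTHER', $issued));
```

A signed cookie stops the client from choosing its own answer, but a solved answer and its cookie can still be resubmitted until the expiry passes; rejecting reuse needs state kept on the server.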
LS97 wrote:
For the second issue, there's an easy fix.
You can append a secret password to the two strings to be checked. Since md5 is not reversible, nobody will be able to crack it.
I thought of that, but there's one catch. The website and cfagency need to share the password somehow. This could be done ahead of time, but it still complicates things somewhat.
Offline
ManaUser wrote:
LS97 wrote:
For the second issue, there's an easy fix.
You can append a secret password to the two strings to be checked. Since md5 is not reversible, nobody will be able to crack it.
I thought of that, but there's one catch. The website and cfagency need to share the password somehow. This could be done ahead of time, but it still complicates things somewhat.
Oh, for some reason I thought the PHP code for the image was also on the site itself.
Then this means you either have to provide a PHP-compatible API to verify results (remember then to have different appended passwords for each site or the whole thing could be easily cracked), or just don't use the host site at all, meaning the forms submit directly to cfagency and then cfagency redirects you back.
Offline
GeonoTRON2000 wrote:
Also, to use custom text, embed this image: http://www.cfagency.org/captcha/text.php?text=your%20text%20here
http://www.cfagency.org/captcha/text.ph … mage?%20:P
Last edited by scimonster (2012-05-10 13:29:22)
Offline
scimonster wrote:
GeonoTRON2000 wrote:
Also, to use custom text, embed this image: http://www.cfagency.org/captcha/text.php?text=your%20text%20here
Offline
This is a bit problematic, as a lot of bots are able to read CAPTCHAs. It also annoys legitimate users.
You should try my technique, which does not annoy users and is a bit better at preventing bots.
Offline