Adapt a new Captcha system (General)

by yns00k ⌂, Portugal, Sunday, May 31, 2009, 00:41 (5451 days ago)

The current CAPTCHA system is trivial to pass. I would like to suggest that, IN ADDITION to the Mathematical CAPTCHA and Graphical CAPTCHA currently included, you could add a third option: reCAPTCHA http://recaptcha.net.

Why reCAPTCHA?

# It's Free! Yep, reCAPTCHA is free.
# It's Useful. Why waste the effort of your users? reCAPTCHA helps to digitize books.
# It's Accessible. reCAPTCHA has an audio test that allows blind people to freely navigate your site.
# It's Secure. Most other CAPTCHA implementations can be easily broken.
# It's Popular. Over 100,000 sites use reCAPTCHA, including household names like Facebook, Ticketmaster, and Craigslist.

Security

reCAPTCHA has the highest security standards. Many other implementations of CAPTCHAs use undistorted text, or text with only minor distortions. These implementations are vulnerable to simple automated attacks. Others, such as MAPTCHA, consist of asking text-based arithmetic questions like "what is 1+1". These can be trivially broken by an attacker.

Adaptive Security

reCAPTCHA is a Web service. That means that all the images are generated and graded by our servers. In addition to the convenience that this provides (you don't have to run costly image generation scripts on your own servers), this also provides an extra level of protection: our CAPTCHAs can be automatically updated whenever a security vulnerability is found. For example, if somebody writes a program that can read our distorted images, we can add more distortions in very little time, and without Web masters having to change anything on their side. This is significantly more secure (and convenient) than having to re-install a CAPTCHA every time a vulnerability is found.

IP Address Detection

Our service also includes IP address filtering and detection. If we determine that a given IP address is successfully solving too many CAPTCHAs in a certain period of time, the address is immediately flagged for review. In addition, by providing CAPTCHA services to many customers we obtain a global view of spamming attacks, allowing us to react quickly to security threats.

--
So it would be much more secure against automatic registration or posting!

I think all the information for creating the code is available here: http://recaptcha.net/resources.html. Of course, you will need to provide the interface for adding the public and the private key for the service to work.
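
The "IP Address Detection" paragraph quoted in the post describes flagging an address that successfully solves too many CAPTCHAs in a period of time. The following is an added example of that check as a sliding window, not code from the post or from reCAPTCHA; the function name, the thresholds and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds (not from the post): more than MAX_SOLVES successful
# solves from one IP within WINDOW_SECONDS flags that IP for review.
WINDOW_SECONDS = 60
MAX_SOLVES = 5


def flag_ips(events, window=WINDOW_SECONDS, max_solves=MAX_SOLVES):
    """Return {ip: timestamp} for IPs whose successful solves exceed
    max_solves within a window-second span. events: (ip, ts, solved)."""
    recent = defaultdict(deque)  # ip -> timestamps of solves still in window
    flagged = {}                 # ip -> time the threshold was first crossed
    for ip, ts, solved in sorted(events, key=lambda e: e[1]):
        if not solved:
            continue  # failed attempts are not solves and are not counted
        q = recent[ip]
        q.append(ts)
        # Drop solves that have aged out of the window.
        while q[0] <= ts - window:
            q.popleft()
        if len(q) > max_solves and ip not in flagged:
            flagged[ip] = ts
    return flagged


# Constructed sample events (documentation-range addresses, seconds from start).
SAMPLE_EVENTS = (
    # One solve every 5 s: the sixth solve, at t=25, crosses the limit.
    [("203.0.113.7", t, True) for t in range(0, 50, 5)]
    # A person registering, then posting a few minutes later.
    + [("198.51.100.4", 10, True), ("198.51.100.4", 400, True)]
    # Repeated failures only.
    + [("192.0.2.9", t, False) for t in range(0, 30, 2)]
    # Six solves spread over ten minutes: never more than one per 60 s.
    + [("198.51.100.20", t, True) for t in range(0, 600, 100)]
)

if __name__ == "__main__":
    for ip, ts in flag_ips(SAMPLE_EVENTS).items():
        print(f"flag for review: {ip} (threshold crossed at t={ts}s)")
```

Counting only successful solves matches the quoted description; a forum doing this locally would see only its own traffic, not the cross-site view the service describes.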

