A CAPTCHA is a test to tell wether a user is human or a robot. It allows to protect web sites from robot intrusion, while allowing human users to navigate the site normally.

In this post we will scope out CAPTCHA types, services and the tools for CAPTCHA generation. Also we will investigate some CAPTCHA solving software and services and touch on new trends for CAPTCHA and bot protection techniques.

CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. The interesting thing is that CAPTCHA is composed by robots or various software tools designed to fight other robots, however humans are able to decipher it. Usually CAPTCHA requires the user to type characters from a distorted image that appears on the screen, while there can also be other forms of CAPTCHAs such as image puzzles, defining some object associations, undertaking certain moves and so on.

Types of the capture

Image or move puzzle

First I mention some figured CAPTCHAs, which are images understandable by humans instead of text to recognize. Most of this type of CAPTCHAs are jQuery (JavaScript) powered.

  1. Captcha PHP or Animated image CAPTCHA –  Seeing believing, not recognizable by Optical character recognition (OCR) systems.
    Captcha PHP
  2. QapTcha – draggable jQuery captcha system. As the user, we only need to move the slider to confirm that we are human.
  3. Draggable CAPTCHA – drags pieces into one figure.
  4. Ajax CAPTCHA – solving requires the user to drag a picture and drop it into a certain area.
  5. SimpleCaptcha –  Another one where we need to guess where to click by a text question (PHP + JQuery).

Character puzzle

There are also plenty of text recognition CAPTCHAs on the web now; the variety of types goes up and up. We won’t give you a list of those, but you can do a search through https://www.google.com/?q=”character captcha”

Services and libraries for generating CAPTCHA

Services

  1. ReCAPTCHA is a Google CAPTCHA service helping with the digitizing of old books :-). Why not ask humans to correctly spell an outdated word while deciphering a CAPTCHA puzzle for the sake of Google data mining? ReCaptcha has a benefit in that what it puts in front of the human is a word which a quality Optical character recognition system has already failed on. However, one is dependent upon an external resource.
  2. NuCAPTCHA is a service capable of CAPTCHA security level adjustments and user-friendly CAPTCHA generation.
  3. The Civil Rights CAPTCHA module provides the free anti-spam CAPTCHA service. This service CAPTCHA provides a fact about a human rights issue (mostly from United Nations Universal Declaration of Human Rights issues) or event and requires the user to select a word that matches how they feel. The CAPTCHA is passed if the answer showing empathy for humans is selected. However, since the questions are of moral nature and might not fit different cultural levels or even language levels, this CAPTCHA service is not perfect.
  4. The Captchas.net is a service designed to embed CAPTCHAs into html-forms. It supports several programming languages that can generate web pages with CAPTCHA.

Libraries and free tools

  1. The Secure image free PHP CAPTCHA script.
  2. The BotDetect PHP captcha library.
  3. Kohana PHP CAPTCHA library.
  4. Lmorchard CAPTCHA library.
  5. SimpleCaptcha is a Java library for generating CAPTCHAs.
  6. Barntarnst CAPTCHA library.
  7. The Ajax captcha resource.
  8. Libautocaptcha, CAPTCHA decoding library for Java.
  9. The full list of CAPTCHA related Packages under the Python programming language is located here.
  10. Another Python code for generating character CAPTCHA without using any fonts.
  11. The .NET CAPTCHA generator is here.
  12. Another authored simple C# CAPTCHA code is here.

CAPTCHA automatic solving tools and services

Since we’ve mentioned much on CAPTCHA generating tools and services why not note the programs that de-captcha those web puzzles? The tools can be classified into two groups:

  1. CAPTCHA processing by using cheap manpower that solves each CAPTCHA in a bulky pipeline way with a certain speed.
    • One of those services is the DeathByCaptcha. The price starts at $7 for 5,000 CAPTCHAs and the average puzzle process time is 10 sec. The service provides API for most programming platforms.
  2. Processing of CAPTCHA pages by a Optical Character Recognition (OCR) system. There can be a subscription to a OCR service or perhaps a using a one-time cost software. Here we mention some of them:
    • De-captcher service is Optical Character Recognition system-based, doing de-captchering of supplied CAPTCHAs. Price is $2 for 1000 puzzles.
    • CaptchaInfinity is a fixed-price CAPTCHA solving software (pluggable with some scrape or post services; for example the software success rate with WordPress blog’s CAPTCHA is 80%). This software can be configured that in case CAPTCHA is not solved the CAPTCHA processing can be automatically redirected to Decaptcher or DeathbyCaptcha services.
    • Captcha Snipper is another CAPTCHA processing software. It’s mainly for use along with automatic posting applications. It has a list of CAPTCHA types that it can process including process rates.
    • Captcha breaker by GSA is the OCR based CAPTCHA solving software, having a high CAPTCHA process rate.
    • The FBBlaster is free CAPTCHA solver for Facebook CAPTCHAs. It helps to post and do more on the managing of multiple Facebook accounts.

Some other stuff

New era CAPTCHAs?

  1. The new CAPTCHA type (used by Ticketmaster) is to present users with “phrases, questions or ads” rather than with randomly generated puzzles. It’s a new way of ad-promotion, and  time will show if it is really usable on the modern web.
  2. Another CAPTCHA alternative uses authenticating users’ identities via credentials issued to them by Facebook, Google, Yahoo and the like. CAPTCHA, in spite of all its frustrations, is a mechanism that maintains anonymity, but with this new kind of CAPTCHA you must prove not only that you are human, but also reveal some aspects of your personality. This might result in new privacy issues, which is not in the scope of this post.

Keeping things protected without using annoying CAPTCHA – how?

There might be a desire to avoid so many CAPTCHAs in contact forms, but still keep them spammer- proof. For help on how to do this with jQuery, read here.