The other day I was filling out a form and I saw this piece of crap CAPTCHA:

What the heck is this thing: 
I thought it was an ‘L’, but I tried that and it didn’t work.
This experience and many others have shown me one thing: webmasters are beginning to sacrifice their site’s user experience for security.
I’ll get this out of the way now, I hate CAPTCHAs. Period. I hate them. I used them on this site for a few weeks (when I use the Spam Karma 2 plugin) and gave up on it after several bots still made it through. The things just suck, and half the time you can’t even read them!
If you are going to use one for whatever crazy reason, remember to make it user-friendly, easy to read for humans but not for bots, and use different fonts (one CAPTCHA might show up in Arial, while another is in Verdana, etc.). Here is one I whipped up in Photoshop:

The white lines help distort most of the letters, so a bot would have a hard time using pattern recognition on it, and it is perfectly readable to humans.
The other thing you have to remember is do not use predetermined CAPTCHAs. Use PHP or your favorite server-side language to create each image on the fly. Most of the time people will use 20 or so different CAPTCHAs and have them randomly chosen by a script, which is a big no-no. All it would take is a human to go in and get the filename of an image and match it to a certain string, program it into their bot, and off they go spamming the world.
If you want to get really fancy you could even use PHP to make the image and use a nice JavaScript call to display the image.
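Here is a sketch of generating each CAPTCHA on the fly, added as an example and not code from the original post. It assumes PHP 7+ with the GD extension and a single script serving both the image (GET) and the form check (POST); the function names are made up for illustration, and GD's built-in font stands in for the varied fonts suggested above.

```php
<?php
declare(strict_types=1);
// Added example (not from the original post); assumes PHP 7+ with GD.
// Alphabet omits look-alike characters (0/O, 1/I/L) so humans can read it.
const CAPTCHA_ALPHABET = 'ABCDEFGHJKMNPQRSTUVWXYZ23456789';

function captcha_new_text(int $length = 5): string
{
    $text = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() is a CSPRNG; rand()/mt_rand() are predictable.
        $text .= CAPTCHA_ALPHABET[random_int(0, strlen(CAPTCHA_ALPHABET) - 1)];
    }
    return $text;
}

// Streams the image straight to the client: no file on disk, so there is
// no filename that could be matched to an answer.
function captcha_render(string $text): void
{
    $img = imagecreatetruecolor(160, 50);
    $bg = imagecolorallocate($img, 60, 90, 140);
    $fg = imagecolorallocate($img, 20, 20, 40);
    $white = imagecolorallocate($img, 255, 255, 255);
    imagefilledrectangle($img, 0, 0, 159, 49, $bg);
    foreach (str_split($text) as $i => $ch) {
        imagestring($img, 5, 15 + $i * 28 + random_int(-3, 3), random_int(8, 26), $ch, $fg);
    }
    for ($i = 0; $i < 4; $i++) { // white lines across the letters
        imageline($img, 0, random_int(0, 49), 159, random_int(0, 49), $white);
    }
    header('Content-Type: image/png');
    header('Cache-Control: no-store');
    imagepng($img);
}

// Single use: the stored answer is discarded after one attempt, right or wrong.
function captcha_check(string $answer): bool
{
    $expected = $_SESSION['captcha'] ?? '';
    unset($_SESSION['captcha']);
    return $expected !== '' && hash_equals($expected, strtoupper(trim($answer)));
}

session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    echo captcha_check((string)($_POST['captcha'] ?? '')) ? 'ok' : 'try again';
} else {
    $_SESSION['captcha'] = captcha_new_text();
    captcha_render($_SESSION['captcha']);
}
```

The answer lives only in the server-side session, so nothing in the image URL or response headers reveals it, and a failed guess forces a fresh image.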
Please subscribe, or else I will cry. Do you really want to make a programmer cry?
