Monday, May 7, 2007

WaterCap Strong PHP CAPTCHA With Negative Spaces And Shadows

Most of you are aware of the weak CAPTCHA that is used on phpBB2, and the basic version on phpBB3.
Recently, phpBB3 revamped their advanced CAPTCHA, giving the user more options with the x/y axis of noise levels.
The problem is, the CAPTCHA can be fairly un-readable.
Some users are saying nobody over the age of 55 (or under if you wear glasses) is going to be able to decipher the CAPTCHA image.
The solution, is of course to turn the x/y values up quite high, decreasing the amount of noise and making it easier to see.
But if you don’t have freetype enabled on your server, you’re stuck with the default (breakable) CAPTCHA.
Although you usually can persuade your host to enable CAPTCHA with your PHP installation, there are other methods of CAPTCHA as well... the WaterCap method uses the background color inside the letters themselves, making it extremely difficult for bots to pick out the definable boundaries of the characters. But our minds automatically make out the shapes and we "see" the letters, even though it is an optical illusion.
It’s only using shadows to give our brains a hint of what letter it is.
So the question is, will this work for phpBB3?
Perhaps, but only time will tell... if the phpBB team implements something like this by default, the spam world is going to work very hard to come up with a way to crack it... and we know it’s only a matter of time, they eventually will.
The alternative is to use it as a MOD on your board.
We (the Star Trek Guide Group) will create a MOD from this idea if it is not implemented in phpBB3 by default.
But I would like to hear your thoughts on it.

read more | digg story

1 comment:

Rillaith said...

Better yet, plug in's Project Gutenberg-linked captcha system. Good for the community, good for CAPTCHA strength.