Select Page

Security images (captcha) may be not enough

 oups it seems (!) that protecting form with security images may be a not so good idea (it may stop a lot of spammer but not all)… As there is already some open source or closed programs to defeat them…I am convince that not all spammer will be able or want to attack site protected with images, especially user homepage. But if the site is well known (ex: Yahoo)…read below: frightening!

PWNtcha stands for "Pretend We’re Not a Turing Computer but a Human Antagonist", as well as PWN capTCHAs. This project’s goal is to demonstrate the inefficiency of many captcha implementations.

Anyway this page is giving me enough idea at how to tune my code to avoid/disallow/make it more difficult automatic recognition of characters…

Among others, from this page:

  • render the characters with different colors -> I will do it, easy
  • make some characters darker than the background, and some lighter
  • use gradient colors for the backgrounds and the characters
  • dont align all the characters vertically -> Possible in current implementation
  • dont make the answers words, so that a dictionary could be used -> already random
  • use more characters and symbols -> done
  • use uppercase and lowercase characters -> already done
  • use a different number of characters each time ->done
  • rotate some of the characters more drastically (i.e. upside down) -> will try
  • do more overlapping of characters
  • Add a grid ->done
  • make some pixels of a single character not touching
  • have grid lines that cross over the characters with their same color
  • consider asking natural language questions

Breaking a Visual CAPTCHA homepage of the Shape Contexts based approach to break Gimpy, the CAPTCHA test used at Yahoo! to screen out bots. Our method can successfully pass that test 92% of the time

About The Author

Cédric Walter

I worked with various Insurances companies across Switzerland on online applications handling billion premium volumes. I love to continuously spark my creativity in many different and challenging open-source projects fueled by my great passion for innovation and blockchain technology.In my technical role as a senior software engineer and Blockchain consultant, I help to define and implement innovative solutions in the scope of both blockchain and traditional products, solutions, and services. I can support the full spectrum of software development activities, starting from analyzing ideas and business cases and up to the production deployment of the solutions.I'm the Founder and CEO of Disruptr GmbH.