PHP Forum

**dartiss** · 11-04-2008, 09:49 AM

Hi everyone,

I'm planning on a major overhaul of the code I use for my contact forms. At the moment I use reCaptcha for security purposes but would prefer something of my own, rather than rely on a third party product.

What do people think of mathematical captchas? (e.g. What is 4+7?). I was wondering whether I should combine these with other types of questions. Is this likely to be a reliable method or should I stick with what I already have?

Cheers,
David.

**torontolimo** · 11-04-2008, 09:59 AM

May be the right idea...

it is so simple and good .....using combo box is always good for the user too

**dartiss** · 11-04-2008, 10:09 AM

That's what I thought - reCaptcha has an audio option but there's nothing more accessible than a simple form box!

But I'll have to think up lots of questions to make it reasonably secure

David.

**josephcohen** · 11-04-2008, 10:58 PM

Quote:

Originally Posted by dartiss

That's what I thought - reCaptcha has an audio option but there's nothing more accessible than a simple form box!

But I'll have to think up lots of questions to make it reasonably secure

David.

I think if you did a simple math sum a computer might be able to hack that or figure out how to put the right answer.

I would just out a picture of some letters and numbers.

**JohnDiamond** · 11-04-2008, 11:26 PM

Hi Dartiss, I just found one idea that is quite interested. I looked up "recaptcha alternatives" on Google and found this: http://citalan.blogspot.com/2007/12/...ernatives.html

One of them offers to simple put 6 images of animals and have the user click on the right animal (click on the cat)... That is highly original! Or you can simply ask a question such as: "The color of snow is? (5 letters)"

What do you think? :-)

**mtishetsky** · 11-05-2008, 01:29 AM

I suppose all these exotic methods of bot protection too user unfriendly. If you only need a captcha that does not use external sources try captcha from http://captchas.net/. It is free, it uses own server to generate images but validation is processed on your side.

**dartiss** · 11-05-2008, 02:15 AM

Thanks for all the responses. However, all those recommended, including captchas.net (which I've used before), have accessibility issues.

Instead of just simple sums my plan is to have my code generate all sorts of random questions, and all randomly worded in different ways.

e.g.

Name the month that comes after August
Which month is 2 months before September
What day comes after Tuesday
What is eleven added to three
What is 2 x 3

The above is hardly unfriendly, it's accessible and, I hope, quite secure. What do you think?

David.

**chrishirst** · 11-05-2008, 03:22 AM

I find a hidden field with a name that sounds important, then left empty works remarkably well.
Real users can't see the field to put anything in it, bots will have something in the field.

non-empty field? dump the form data!

**dartiss** · 11-05-2008, 03:37 AM

Chris - thanks for that. I've already implemented that but find that if I remove the captcha I still get spammed

Never-the-less, I'm planning on improving it and having the captcha switable, so I can remove it if I want to later.

David.

**JohnDiamond** · 11-05-2008, 11:52 AM

What kind of accessibility problems are you getting with the current captcha?

**dartiss** · 11-05-2008, 12:16 PM

None. reCaptcha is okay - however, a good quality form field is going to be better than an audio option on a graphics-based Captcha.

My reason for change is merely to have more control over the product - hence writing my own.

David.