How to understand, use and implement
captcha to protect your web site against
spam and form spamming.
(The
FREE anti-bot service that helps digitize books.)
HOW CAN WE USE IT AND MAKE
OURSELVES SAFE FROM BOTS.........
What is
Captcha ?
Captcha stands for:
completely automated public Turing test to tell computers and
humans apart.
Captcha is an
acronym - explained later, but mainly captcha is a simple verification system
made up of:
1] the captcha image and the captcha code that generates it
a computer generated image, sometimes distorted; in most cases the image is a .png or .jpg which usually consists of a background and letters and numbers of a different colour that appear on that background
2]
a form field into which the code one sees in the captcha image must be inserted - and an enter
button
The field can either be part of a mail form, or a separate entity and is directly connected codewise to the captcha generated image.
3]
a separate code, probably in PHP, which checks that the code inserted manually
into the field was correct
Once the user enters the code he sees in the image, the verification code checks whether it is correct. If it is, the form is sent off or the user is redirected to the captcha protected pages. If it is not, the form is not sent; the captcha verification code generates an error and asks the user to try again, either by refreshing his browser or by clicking a button to generate a new captcha code.
How can
Captcha help against spam?
Captcha can be a
great help in downsizing or diminishing form spamming.
[ form spamming is when bots go around the web, find forms and either hijack them - meaning they send thousands of spam emails through that form - or, at the least, send one e-mail through that form.
Or, they fill in the form and sign up for hundreds of free e-mail accounts, or order hundreds of services and even products.
Bots can also harvest any e-mail addresses inside the form's html code - and this is where captcha is not much help - but LATER IN THIS ARTICLE WE WILL SEE A SOLUTION TO THIS PROBLEM TOO.]
So if you use Captcha on your
web site forms, this can help in stopping some bots and making life harder for
other bots in accessing or using your forms.
How does
Captcha try to fool the spam bots ?
Well, internet robots, the so
called bots, which are programs made with the purpose of scouring the web for
forms and e-mail addresses, are a bit different to human eyeballs.
When the human user enters a
captcha page and sees a code generated image - usually numbers and letters - he
must insert this code, by typing the same numbers or letters in the image into
a field and if he has copied correctly - he will be allowed to click the send
button and either send the form or proceed to other web pages.
Human
eyeballs have a much more sophisticated system of recognizing complex images
and still be able to extract the numbers and letters which are in the image.
The bot on the other hand, does
not have such sophistication, and mostly is programmed to extract e-mail
addresses from the html code of a web page.
But even the bots have become more sophisticated, and some of them have image recognition algorithms programmed into them and can read images with numbers and letters. This is why captcha created images are usually also a bit distorted or have dots and lines along with the numbers, to try to confuse the bot as much as possible.
This
basically means that a human can pass through a captcha protected page or form
but a bot will have a harder task.
This is because a bot has difficulty in reading and then typing in what it first saw on
a graphical image.
Please note - the keyword here is 'harder task'.
But...and this is a big but....
creating a web form in pure HTML does NOT stop the bot from getting to the form page's html source and finding the email address. Implemented this way, captcha can prevent the bot from sending the form BUT NOT from harvesting any e-mail addresses contained inside the page source.
This is why there are two ways to go about protecting
your web forms against spam bots.
The one easy method explained on this website is for the non programmer whereby you simply create a Captcha verification system BEFORE the user - or the spam bot - gets to the actual web form.
The second system uses captcha protected forms (the captcha residing on the same page as the form) but with the form and verification system all done in ASP, which is code that is not as easily accessed by either the bot or the eyeball.
LET'S HAVE SOME INTERESTING TALKS
Applications of CAPTCHAs
CAPTCHAs
have several applications for practical security, including (but not limited to):
Preventing Comment Spam in Blogs. Most bloggers are familiar
with programs that submit bogus comments, usually for the purpose of raising
search engine ranks of some website (e.g., "buy penny stocks here").
This is called comment spam. By using a CAPTCHA, only humans can enter comments
on a blog. There is no need to make users sign up before they enter a comment,
and no legitimate comments are ever lost!
Protecting Website Registration. Several companies (Yahoo!,
Microsoft, etc.) offer free email services. Up until a few years ago, most of
these services suffered from a specific type of attack: "bots" that
would sign up for thousands of email accounts every minute. The solution to
this problem was to use CAPTCHAs to ensure that only humans obtain free
accounts. In general, free services should be protected with a CAPTCHA in order
to prevent abuse by automated programs.
Online Polls. In November 1999, http://www.slashdot.org released an
online poll asking which was the best graduate school in computer science (a
dangerous question to ask over the web!). As is the case with most online
polls, IP addresses of voters were recorded in order to prevent single users
from voting more than once. However, students at Carnegie Mellon found a way to
stuff the ballots using programs that voted for CMU thousands of times. CMU's
score started growing rapidly. The next day, students at MIT wrote their own
program and the poll became a contest between voting "bots." MIT
finished with 21,156 votes, Carnegie Mellon with 21,032 and every other school
with less than 1,000. Can the result of any online poll be trusted? Not unless
the poll ensures that only humans can vote.
Preventing Dictionary Attacks. CAPTCHAs can also be used
to prevent dictionary attacks in password systems. The idea is simple: prevent
a computer from being able to iterate through the entire space of passwords by
requiring it to solve a CAPTCHA after a certain number of unsuccessful logins.
Search
Engine Bots. It is sometimes desirable to keep webpages unindexed to prevent
others from finding them easily. There is an html tag to prevent search engine
bots from reading web pages. The tag, however, doesn't guarantee that bots
won't read a web page; it only serves to say "no bots, please."
Search engine bots, since they usually belong to large companies, respect web
pages that don't want to allow them in. However, in order to truly guarantee
that bots won't enter a web site, CAPTCHAs are needed.
Worms and Spam. CAPTCHAs also offer a plausible solution against
email worms and spam: "I will only accept an email if I know there is a
human behind the other computer." A few companies are already marketing
this idea.
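The "Preventing Dictionary Attacks" idea above, as an added C# example that is not part of the original article: a counter that decides when a login attempt must also solve a CAPTCHA. The class name, the threshold and window parameters, and the in-memory storage are assumptions made for illustration.

```csharp
using System;
using System.Collections.Concurrent;

public sealed class FailedLoginTracker
{
    private sealed class Entry { public int Count; public DateTime WindowStart; }

    private readonly ConcurrentDictionary<string, Entry> _entries =
        new ConcurrentDictionary<string, Entry>(StringComparer.OrdinalIgnoreCase);
    private readonly int _threshold;
    private readonly TimeSpan _window;

    public FailedLoginTracker(int threshold, TimeSpan window)
    {
        _threshold = threshold;
        _window = window;
    }

    // Call from the login failure path, once per key (user name, client address).
    public void RecordFailure(string key, DateTime nowUtc)
    {
        Entry entry = _entries.GetOrAdd(key, _ => new Entry { WindowStart = nowUtc });
        lock (entry)
        {
            // Failures older than the window no longer count.
            if (nowUtc - entry.WindowStart > _window) { entry.Count = 0; entry.WindowStart = nowUtc; }
            entry.Count++;
        }
    }

    // A successful login clears the counter for that account key.
    public void RecordSuccess(string key)
    {
        Entry removed;
        _entries.TryRemove(key, out removed);
    }

    // True once the key has reached the threshold inside the current window.
    public bool CaptchaRequired(string key, DateTime nowUtc)
    {
        Entry entry;
        if (!_entries.TryGetValue(key, out entry)) return false;
        lock (entry)
        {
            return nowUtc - entry.WindowStart <= _window && entry.Count >= _threshold;
        }
    }
}
```

Record failures under both the user name and the client address, and clear only the user-name key on success, so one valid account cannot reset the counter for an address that is guessing passwords for other accounts. The dictionary here is per-process and never evicts entries; a production version needs shared storage and expiry.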
OKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
ENOUGH ABOUT CAPTCHA, FOR MORE INFO PLS SEARCH THE WEB (OHhhh JUST KIDDING)....
NOW LETS FOCUS ON HOW CAN WE GET THIS AMAZING AND SIMPLE CONCEPT ON
OUR WEBPAGE(ASP.NET)
Here are the 10 easy steps to follow:
2) add a site
3) copy & paste your public and private key in notepad as reminder
4) download and extract the latest version of the .net control
which can be found at http://code.google.com/p/recaptcha/downloads/list?q=label:aspnetlib-Latest
5) put the extracted files in the Bin folder of your solution
6) The next thing is to add a reference in your project to the
DLL in your Bin folder.
7) Register the control in the page (or usercontrol) by adding
this to the top of the page:
<%@ Register TagPrefix="recaptcha" Namespace="Recaptcha" Assembly="Recaptcha" %>
8) Insert the control in your aspx (or ascx) file at the right
place
<recaptcha:RecaptchaControl ID="recaptcha" runat="server" PublicKey="your_public_key" PrivateKey="your_private_key" />
9) Insert your public and private key which you stored with
notepad.
10) Do not forget to validate the Recaptcha control. Here is how
I did it in my code behind of an <asp:Login> control:
protected void Login1_LoggedIn(object sender, EventArgs e)
{
    // Note: LoggedIn is raised after the user has already been authenticated.
    //LogVisit();
    recaptcha.Validate();   // checks the submitted answer with the reCAPTCHA service
    if (recaptcha.IsValid)
    {
        // etc
    }
}
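An added example, not from the original post or the reCAPTCHA project: the Login control raises LoggedIn only after authentication has succeeded, so a CAPTCHA check placed there cannot stop the attempt. This version validates in the LoggingIn event and cancels the login on failure. The page class name, the CaptchaError label and the appSettings key names are assumptions; recaptcha and Login1 are the control IDs used above.

```csharp
using System;
using System.Configuration;
using System.Web.UI;
using System.Web.UI.WebControls;

// Hypothetical code-behind class; recaptcha, Login1 and CaptchaError
// are declared in the .aspx markup (CaptchaError is an assumed <asp:Label>).
public partial class LoginPage : Page
{
    protected void Page_Init(object sender, EventArgs e)
    {
        // Keep the keys in web.config instead of the page markup.
        // The appSettings key names below are assumptions for this example.
        recaptcha.PublicKey = ConfigurationManager.AppSettings["Recaptcha.PublicKey"];
        recaptcha.PrivateKey = ConfigurationManager.AppSettings["Recaptcha.PrivateKey"];
    }

    // Wire up with OnLoggingIn="Login1_LoggingIn" on the <asp:Login> control.
    // LoggingIn runs before the credentials are checked.
    protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
    {
        recaptcha.Validate();
        if (!recaptcha.IsValid)
        {
            // Stop here: the membership provider is never asked about the
            // password, so a bot gets no answer on whether it was right.
            e.Cancel = true;
            CaptchaError.Text = "The words you typed did not match. Please try again.";
            return;
        }
        CaptchaError.Text = string.Empty;
    }
}
```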
You can customize the look and feel of the
Recaptcha control
with CSS or by using the predefined themes; more about that can be found here: http://code.google.com/intl/nl/apis/recaptcha/docs/customization.html
I used the blackglass theme like this:
<recaptcha:RecaptchaControl ID="recaptcha" runat="server" PublicKey="my-public-key" PrivateKey="my-private-key" Theme="blackglass" />
OTHER THEMES ARE:
RED
WHITE
BLACKGLASS
CLEAN
OOPS ONE LIMITATION.............(OH! It's OK)
NOTE***: The ReCaptcha does not work in IE6. I recommend upgrading your browser
to IE9!