Animated Gif Captcha :: PR & Backlink Image :: Site Stats API :: Tabbed Browser

Animated Gif FREE PHP Captcha Script [AnimatedCaptcha]

What is a Captcha and why should my web site use it?

A captcha is a logical question /response test used on the internet to determine whether or not the user is human. Questions should be simple enough for anyone to answer.

AnimatedCaptcha is a Free PHP Captcha that is a more secure, readable version of captcha with very few limitations.

When deciding on a captcha you have many choices from KittenAuth to Flickcha and even Flash Video Captcha. As well as and many others that rely on the open source GD Graphics Library. Every captcha has their own problems and limitations. Some choose to contort letters that make them unreadable or confuse numbers and letters. Others rely on javascript which is an unreliable client side verification. AnimatedCaptcha makes spam protection simple for users while maintaining the highest level of security against spam bots.

Well deserved credit needs to be given to KrakJoe and phpClasses.org for assisting in the idea development and coding for this animated gif implemetation of a PHP captcha script.

Try it out now, just answer the scrolling question while leaving a comment.

Downloads

AnimatedCaptcha v1.4

Basic Animated Gif Captcha package. Developer friendly & released under the LGPL for maximum flexibility.

See it in action

ScriptsMill Comments
+ AnimatedCaptcha v1.3

Free PHP comments script + Animated Gif Captcha for a safe, secure and robust way to let your users make comments.
GPL license ... Freeware Apps Only!!!

See it in action

Is this captcha any good? - Read More

The easy answer is yes ... it will heavily cut down on the amount of spam you receive by requiring critical thinking.

Breaking down a Captcha

Traditional captcha systems have several weak points that take away from their potential effectiveness.

Images are difficult for humans to read
Images are readable to some bots (programs made to spam your site)
Reliancy on 3rd party APIs such as flickr
Exclude users who choose to disable javascript

I have heard many complaints from site users and communities about the ineffectiveness of today's captcha systems. In theory, using flat pictures (not text) to separate the humans from the robots is an excellent idea. The problem, however, is that spam is profitable and anywhere there is money ... crackers are close behind ready to exploit the system. These guys are smart enough to write programs that recognize text inside a picture which renders traditional captcha programs useless.

Why is AnimatedCaptcha any better?

Because this captcha is not a single image, it keeps the robots guessing. Traditionally, for a program to break into a captcha, it would have to read the picture pixel by pixel and look for combinations of pixels of the same color. From here, bad bots can stitch those colors together and recognize letters as patterns of colors.

By making the above images a series of pictures (called an animated gif), it makes breaking into this captcha system very difficult. Why is it so difficult?

The number of frames created are totally random
The elapsed time of the animation's rotation is random
The numbers (1-9) and operators (plus [+], minus [-] & times [x]) are also chosen at random

There are 125+ different combinations of questions by default.

This system is also superior to traditional captcha images because it is very readable to humans and complete an total jargon to programs. Usually the text in a captcha is contorted or placed on a very busy background, this leads to an unreadable capcha (expecially to the visually impared). AminatedCaptcha fights bots by using multiple layers instead of 1 flat picture. Confusing to bots but shows up as plain letters on a white background which makes very easy on the eyes.

As an additional benefit, the frames are numbers instead of letters which allows for

Captcha to be multi-linugal.
Questions easy enough for any 3rd grader (~10 years old) to answer.
Never again confuse the characters 1,l,I,0,O and many other tricky alpha-numeric options.

Leave a comment - show / hide

Bot-spam free thanks to AnimatedCaptcha. Nothing can stop a human :]

Comments

sb
16 May 2008, 01:14

sdsd

test
15 May 2008, 11:08

test

joe
10 May 2008, 17:39

test

khan
02 May 2008, 08:28

@Josh

thank you for your words!

Well, the code was installed correct.

I solved the error thing by another trick and it worked :)

i switched off error reporting from comments file of comments script and it worked perfect!

i put:
error_reporting(0);

at very start!

and uncommented the session_start();

It works fine now!

Thank you for your support!

Josh
30 Apr 2008, 13:36

@khan

After uploading AnimatedCaptcha v1.4 go to the page example.php. Don't change the code in any way. This will show you the script working on your server.

For adding the script to an existing page or layout , the 1st thing you will want to do is to add <?php session_start(); ?> to the very top of your page. This will start a session that logs the correct answer on your server. It's probably the most important part of the installation and the one most commonly messed up when implementing this free php captcha into an existing page.

My name links my real email so feel free to send any specific code or installation questions to that address and I'll be happy to help you get this captcha set up on your server.

asdaa
30 Apr 2008, 05:16

himmm good

khan
30 Apr 2008, 03:06

@Josh Storz

yes, you are right, actually it gave me session already sent error, so i commented session_start(); in order to get rid of this error.

Can you tell me how can i solve this issue? if i turn on my session_start, it gives me error, and i don't know where are headers already sent?

should i need to move my code or do something different?

Josh Storz
29 Apr 2008, 18:31

Thanks to all the new users of this free php captcha script. Anyone who has any problems with installation of this script please hit the "Contact QueryThe.Net" link above and give a pretty good explanation of what is going on.

@ khan - "my one is giving error for every answer" probably means that your session is not set at the very top of the page (even before the <html>). If a session is not set correctly on the server the answer will always be wrong.

Feel free to contact me directly if you can't get it working and I'll see if I can help you more. It works quite well, I promise

khan
29 Apr 2008, 12:59

my one is giving error for every answer

ben
24 Apr 2008, 10:57

gonna try it

Sergei Kretov
07 Apr 2008, 03:54

Good captcha! :)

Josh Storz
05 Apr 2008, 22:18

@ cliff >> sorry no audio component is available though I considered building one on a while ago. If there is a serious outcry I might consider it again.

@ Jim >> example and script has worked beautifully for everyone I've spoken with. Shoot me some details if you need help getting it worked out. I think you might have posted right after saying it didn't work ... answered that question yourself did you?

By the way ... this captcha class just passed 1,600 downloads ... this includes the class as an individual and included with this comment script. Thanks to everyone for making this such a successful little script. This number does not, however, include the number of downloads from phpclasses or hotscripts ... If I had to guess were somewhere around 2,500 total downloads right about now.

cliff
04 Apr 2008, 16:49

does it have an audio component for the blind?

steve
29 Mar 2008, 14:04

testing

Jim Dillon
18 Mar 2008, 14:52

This is cool, I guess it only lets ya post a real comment.

Jim
18 Mar 2008, 10:48

The downloaded comment with captcha doesn't work for me and neither does youe example. Can you clarify?

Google
12 Mar 2008, 11:37

It's googlebot, your captcha is a piece of cake.

Josh
22 Jan 2008, 15:46

Spam has been coming in and it's not going through animated gif captcha section of the comment script. What does this mean? Well for starters it's not a breakdown in the captcha script ... it's not going through that filter at all.

I have recently added a check to see if a url is referenced in the text that is being entered. The thinking is that if someone is here to spam, they are probably dropping a link while doing so.

This workaround has been effective so far. If anyone knows of a good comment script that is better at keeping people from dropping links than the scriptsmill one, please suggest it here and I'll drop this crappy comment script like an ex-girfriend and put out an industrial strength one for you guys to use with animated captcha embedded.

GabrielLins
04 Jan 2008, 15:17

THANKS!!!!!

farty joe
04 Jan 2008, 13:55

Cool...

anominous
19 Dec 2007, 14:27

It works!

Josh Storz
14 Nov 2007, 10:16

Welcome all the new users of thiscaptcha system & thanks for the comments.

@Bentley - no pain ... no gain :]

@moka - a better explanation of why the system is no fully working would be in order. Dozens have successfully installed this so if your system has a problem I would love to hear the specifics and help you get it worked out.

@levi - Thanks for the comments. One of my fears for this is when it does become widely used it will get more people trying to break it. I don't think this can be avoided.

What makes this more secure right now is that it is uses animated gifs instead of flat jpg/png images. Not many are using this technique currently. Using flash pictures might be a bit safer but this technology is like javascript ... not everyone has it active in their browsers so it would be excluding a % of your users. Every browser reads animated gifs so it's a safer option than flash or js.

Straight OCR would not work because of the captcha is not a flat picture. In order for someone to break it programmatically they would need to slice out each frame and extract the math involved. I'm sure this can be done, but you are absolutely correct about the issues with it being widely used. When many pages have this security in place, the stakes will be higher and some crackers will start trying to break it.

I make no guarantees of this working 100% of the time forever, that would just be foolish. That being said, I am having much better success with this than I have with any captcha system I have ever used previously.

levi
13 Nov 2007, 12:14

I like the innovation.. as well as the math practice... but if a bot can OCR an image.. what do you think will happen if/when CAPTCHA becomes widely used? i'm pretty sure computers are better at math than most humans :)

moka
02 Nov 2007, 23:21

not working fully

steve
31 Oct 2007, 10:57

cool

Bentley
15 Oct 2007, 18:29

This is kinda cool, but kinda painful at the same time....

Josh Storz
01 Sep 2007, 10:13

@Chris - Thanks for your comments and I am always looking to improve the program. There are 2 issues that I have with implementing something similar to what you are suggesting

1> Plain text will not work as bots are already accustomed to reading text. Just scrape and add (or - * / ), I could write something to get around that in minutes. Now breaking down an animated gif is much more challenging, which is what led me to create this project.

2> I think you might not be giving enough credit to your users. My 9 year old figures this out easily, I doubt there is a market for websites that use CAPTCHA for people under 9. + math makes it non-language specific. True, there is some english there but if you can recognize numbers then you can get past the captcha.

Also, all numbers in the questions are single digit by default. All answers are positive numbers. This can be easily changed by modifying the code but I wanted to make this as simple as possible right out of the box.

@Sven - I totally agree. I have seen some around the net that allow this. I guess I chose a good comment script (but not great) to use AnimatedCaptcha with. BTW: I am not affiliated at all with Scriptsmill (they won't even return my emails).

Any suggestions for a better comment script can be left here and I will integrate it if I deem it worthy of our time.

Chris
29 Aug 2007, 13:53

If simple math is your captcha, then plain text will work just as well, because 'bots aren't programmed to expect it.

Chris
29 Aug 2007, 13:50

this isn't bad, but you would be amazed how many really stupid people there are out there on the Internet. In my experience, a good 10% of users could not figure this out, especially if asked to multiply double digits. However the technology could be used to good effect if you simply flash a moving number or word.

Sven
20 Aug 2007, 15:07

This is a great addon to the comment script, now it only needs one more thing to fill my requirements: moderation (no direct updated comments, it has to be accepted by admin first ;)

Josh Storz
16 Aug 2007, 21:21

Terry,

I would really have no idea without seeing the script in action, and even then I would have to look under the hood (see the php not just the output html).

Perhaps you do not start your session at the top of the page then when someone does not enter an answer it matches. A quick check to see if that is the problem would be to insert something in the answer column. By doing this 'N' == '' would not work whereas '' == '' would.

Make sense? Send the url through my contact page and I'll take a looksee.

Mark
16 Aug 2007, 13:10

Nice idea!

Terry
12 Aug 2007, 15:54

The problem I am having is that you do not have to put anything into the answer box and just hit submit and it will go through. So I am not able to block any spam at all. I am sure I did something wrong... but what?

Roel
05 Aug 2007, 16:10

This looks interesting

charly
04 Aug 2007, 04:43

awesome

Boatswain
25 Jul 2007, 13:31

Yes Josh, I noticed the spam here and the amount is simulair as the ones I got in my comments.

Josh Storz
25 Jul 2007, 00:47

As some of you have noticed, some bb style spam has gotten through this comment script. The scary part is that they have totally bypassed the captcha system. This I know because I get an email each time the captcha is answered ... I get nothing from these spam attempts.

In some previous comments, users have discussed direct db insertion by crackers. I still don't think this is possible, but they are abusing a weakness in the scriptsmill comments script. I am looking into this and should be able to point out the weakness in the near future.

Josh Storz
03 Jul 2007, 15:13

Tim => Writing an IP blocking script is not terribly difficult, but the easiest way for you to achieve this would be just to block comments where the characters are > 500

<? if (strlen($_POST['comment']) > 500) { exit; } ?>

You can also use a spam word list and see if viagra (or whatever) exists in text before allowing the comment. Some resources

http://www.google.com/search?num=100&hl=en&q=spamwords.txt&btnG=Search
http://www.sitepoint.com/forums/showthread.php?t=478768 << This shows you how to set one up.

=> progpat - No bugs in the script that I know of, a link and more details would be useful for troubleshooting.

For anyone that is receiving the wrong answer ... please make sure session_start(); is the 1st line of your script. AnimatedCaptcha relies on a variable stored on your server to work and will always show the wrong answer if that line is not the first thing php reads.

=> Boatswain - I think removing just the link will not work, you must delete the script all together. I do not know of a way to inject data directly into a db without a script (SQL at minimum) liaison to insert the information.

Of course, there are always people smarter than I and I guess I would not close the door on it completely.

IN OTHER NEWS: AnimatedCaptcha was just nominated for the PHP Innovation Award for June 2007 from phpclasses.org Feel free to visit the link at the top of the page and place your vote!!!

Tim
30 Jun 2007, 15:54

Boatswain, I know what you mean!! I have deleted the comment form from one of my pages and somehow the comments keep on coming! How in the world is this possible? What I mean is, though there is no place to leave or view comments, I continue to get e-mail notifications of new comments on the page, and new comments do indeed appear in the database. I am going to try changing my DB password to see if it has any effect. Thanks for the info.

-Tim

Boatswain
27 Jun 2007, 08:43

Tim, you can set the time between postings in the config.php (anti_flood_pause) and I also thought there was an option to set the amount of characters but can't find it anymore.
Sometimes I think those spammers can post directly into the database.
When I was installing this newest version I made a complete new database and the link to the commentpages was not there anymore. But still the spamm messages kept comming.
I had to delete the older database to stop it.

progpat
27 Jun 2007, 01:16

I also give the right answer, but it says that the answer is not correct.

Is it a bug ?

Tim
26 Jun 2007, 19:00

Thanks for the info Josh...I'm new to this and not sure how to check my logs, but I'm getting around 40 posts of this Casino/Phentermine spam daily. Each comes from a different IP address. Does this sound like a bot or human?

How hard would it be to make a script that blocks any IP that tries to submit a post containing >500 characters for, say twenty minutes? The spam I'm receiving is all in very long posts but my regular users generally post nothing over 300 characters. Just an idea that would have limited applications but which would probably help a few people.

Shaz
26 Jun 2007, 15:27

hehe nice captcha.... it works great ! and it looks nice, good idea guys!

Josh Storz
26 Jun 2007, 08:36

@Boatswain - Very true about spammers, this is a very profitable business and as long as you can drop a few links in comment scripts to get ranked well someone will always be there to cheat the system.

As far as your users getting the wrong answer when it is right, this is a good question. I have not noticed it so far with any of my installations. How frequently does the system get confused like that? I really can't see a reason why.

Animated Gif Captcha has only been released for a month or so, but it has been tested for many hours by my daughter as a math refresher. It might have some problems but as long as your server allows session variables .. it should work as expected.

@Tim - At the top of this comment script I have a quote ...

"Bot-spam free thanks to AnimatedCaptcha. Nothing can stop a human :]"

I too have not not received any automated (bot) spam anywhere I have installed this, which recently includes some phpbb forums that were being spammed. Humans can, and will, abuse any system that allows them to drop a link. This really isn't worth the time for most spammers so this type of spam should be at a minimum.

Also, it is possible for bots enter random numbers to break in (brute force). There are 125 potential Q&A with the default installation of this script so they won't get it right too frequently. If this is what is happening you should see evidence in your log files.

Boatswain
26 Jun 2007, 08:12

@Tim,
Are you sure that they are spam bots and not humans ?
So far I still have no spam messages but I'm affraid that as long these spammers are around, no matter what we do we can't prevent it.

Tim
26 Jun 2007, 01:19

Boatswain, I haven't seen that problem yet with the install I did on my site. On the other hand, I am still getting lots of spam. How are these bots getting past this script? I wonder if they are smart enough to enter random numbers (and occasionally get one right). I am not able to post a comment on my site without entering the right number so it seems the script is functioning properly. I'm getting "Casino Games" and "Phentermine" spam.

Boatswain
25 Jun 2007, 08:22

There are users complaining that they give the right answer but after submitting it says that the answer is not correct. Is it something in my settings or can it be a bug ?

Tim
24 Jun 2007, 18:57

I am having the same issue as Boatswain (no update.php in the zip file). I wrote to Scriptsmill about it and hopefully they will update the zip on their servr to rectify the issue.

Boatswain
13 Jun 2007, 11:30

Hello Josh,
Well I was cheering a little to early yesterday. The animated captcha was in the comment section but when I made some test postings I could submit without entering a number, just an empty field. So I think something gone wrong with upgrading Scriptsmill version 1.1 to 1.3. So today I made a backup of my comments database and created a new DB, installed the version with your captcha and after making some test postings it seems to work fine now.
Would be great to make a support section here, that's what I miss and also on the Scriptsmill site. Allthough I'm not a scripter, maybe I could help others.
Thanks again and greetings, Marjon

Josh Storz
13 Jun 2007, 10:34

@Boatswain - Glad to hear you got it up. If you took notes during the upgrade process, feel free to email them to me and we'll document it here with the script. I personally have never upgraded and dealt with this. I did recently added AnimatedCapture to phpbb and will document how to do this in the near future.

It sounds like soon we will be adding a section of this page for implementation into popular scripts.

@RobIII - Great catch. Sometimes it's the obvious things that you miss while scripting. I have updated the script and released v1.3 (both downloads above). Thanks!

RobIII
13 Jun 2007, 04:52

Not very smart to show the "correct answer" when submitting a wrong answer. This way a bot can "learn" the correct answers (hash of the captcha image should be enough) and try again after learning enough variations.

Boatswain
12 Jun 2007, 13:05

Got it !! :-)
Just had to change the default template to the AnimatedCaptcha.
Would have saved me lots of time and sweat if it was documented somewhere. Anyway, it seems to work. Now let's hope it keeps those botspammers away.
Thanks for this script :-)

Boatswain
11 Jun 2007, 06:45

How do I get the captcha into the scriptsmill script , just as the comment script here ?
I'm using scriptsmill comment script in over 250 photo pages on my homepage and spammers are using 3 of them allready to dump their filth. I'm supposed to use the update.php file in the newest version of scriptsmill but that file is not there. I can't find any good tutorial that tells me exactly what to do and what to change.

Secured by Animated Gif Captcha Powered by Scriptsmill Comments Script

*Name:
Email:
	Notify me about new comments on this page Hide my email
*Text:

*Answer: