Animated Gif Captcha :: Google Suggest Scraper :: Tabbed Browser

Animated Gif FREE PHP Captcha Script [AnimatedCaptcha]

What is a Captcha and why should my web site use it?

A captcha is a logical question /response test used on the internet to determine whether or not the user is human. Questions should be simple enough for anyone to answer, yet difficult enough that a program cannot break it regularly.

The main strengths of this script lies with the fact that it's a gif, not a jpg or ping. This sets it apart from 99% of the captcha programs on the market and makes breaking it a challenge because a cracker must use different classes and functions to even read it.

AnimatedCaptcha is a Free PHP Captcha that is a secure & readable version of captcha with very few limitations.

When deciding on a captcha you have many choices from KittenAuth to Flash Video Captcha. As well as and many others that rely on the open source GD Graphics Library. Every captcha has their own problems and limitations. Some choose to contort letters that make them unreadable or confuse numbers and letters. Others rely on javascript which is an unreliable client side verification. AnimatedCaptcha makes spam protection simple for users while maintaining the highest level of security against spam bots.

Well deserved credit needs to be given to KrakJoe, ErectADirectory and phpClasses.org for assisting in the idea development and coding for this animated gif implemetation of a PHP captcha script.

Try it out now, just answer the scrolling question while leaving a comment.

Downloads

AnimatedCaptcha v1.4

Basic Animated Gif Captcha package. Developer friendly & released under the LGPL for maximum flexibility.

See it in action

ScriptsMill Comments
+ AnimatedCaptcha v1.3

Free PHP comments script + Animated Gif Captcha for a safe, secure and robust way to let your users make comments.
GPL license ... Freeware Apps Only!!!

See it in action

Is this captcha any good? - Read More

The easy answer is yes ... it will heavily cut down on the amount of spam you receive by requiring critical thinking.

Breaking down a Captcha

Traditional captcha systems have several weak points that take away from their potential effectiveness.

Images are difficult for humans to read
Images are readable to some bots (programs made to spam your site)
Reliancy on 3rd party APIs such as flickr
Exclude users who choose to disable javascript

I have heard many complaints from site users and communities about the ineffectiveness of today's captcha systems. In theory, using flat pictures (not text) to separate the humans from the robots is an excellent idea. The problem, however, is that spam is profitable and anywhere there is money ... crackers are close behind ready to exploit the system. These guys are smart enough to write programs that recognize text inside a picture which renders traditional captcha programs useless.

Why is AnimatedCaptcha any better?

Because this captcha is not a single image, it keeps the robots guessing. Traditionally, for a program to break into a captcha, it would have to read the picture pixel by pixel and look for combinations of pixels of the same color. From here, bad bots can stitch those colors together and recognize letters as patterns of colors.

By making the above images a series of pictures (called an animated gif), it makes breaking into this captcha system very difficult. Why is it so difficult?

The number of frames created are totally random
The elapsed time of the animation's rotation is random
The numbers (1-9) and operators (plus [+], minus [-] & times [x]) are also chosen at random

There are 125+ different combinations of questions by default.

This system is also superior to traditional captcha images because it is very readable to humans and complete an total jargon to programs. Usually the text in a captcha is contorted or placed on a very busy background, this leads to an unreadable capcha (expecially to the visually impared). AminatedCaptcha fights bots by using multiple layers instead of 1 flat picture. Confusing to bots but shows up as plain letters on a white background which makes very easy on the eyes.

As an additional benefit, the frames are numbers instead of letters which allows for

Captcha to be multi-linugal.
Questions easy enough for any 3rd grader (~10 years old) to answer.
Never again confuse the characters 1,l,I,0,O and many other tricky alpha-numeric options.

Leave a comment - show / hide

Bot-spam free thanks to AnimatedCaptcha. Nothing can stop a human :]

Comments

wonderboy
04 Jan 2009, 22:21

can this comment script be resized?

dfsdf
04 Jan 2009, 02:41

ryrtyrtyertyerery

ertww
02 Jan 2009, 23:49

gefg

neer
30 Dec 2008, 04:38

asfasdf

Beekeeper
30 Dec 2008, 00:24

just testing your captcha

Steve
26 Dec 2008, 11:49

awqawqawq

uiiui
23 Dec 2008, 09:03

yuiiyiyuiyii

cuok
23 Dec 2008, 09:01

vilil

vilvilo
23 Dec 2008, 09:00

iholiolopuæ

venantius
22 Dec 2008, 08:46

TEST AJAH

Jarin Bixler
19 Dec 2008, 21:19

Thank You

jaclyn
15 Dec 2008, 01:27

hey ya

asdf
12 Dec 2008, 15:27

asdf

Test
11 Dec 2008, 22:54

tes

rty
10 Dec 2008, 11:20

rtyertytr

Soko banja
06 Dec 2008, 22:45

Where can i Find ask and answers scripts for S-banja www.soko-banja.org site ?

George
05 Dec 2008, 23:09

very good

Pranesh
04 Dec 2008, 17:40

Hello

fdsafas
04 Dec 2008, 17:06

dsfds5

deb
01 Dec 2008, 00:37

thanks!

wael
30 Nov 2008, 23:57

How do I get the captcha into the scriptsmill script , just as the comment script here ?
I'm using scriptsmill comment script in over 250 photo pages on my homepage and spammers are using 3 of them allready to dump their filth. I'm supposed to use the update.php file in the newest version of scriptsmill but that file is not there. I can't find any good tutorial that tells me exactly what to do and what to change.

Manolis
30 Nov 2008, 01:10

Test

o
28 Nov 2008, 20:45

ooo

eli
28 Nov 2008, 19:16

this is eli

adsfdsa
25 Nov 2008, 23:11

adfadsfdsaf

dddddddd
23 Nov 2008, 15:08

test test test

margn
23 Nov 2008, 09:45

test

bELLA
22 Nov 2008, 16:32

test

Marc
22 Nov 2008, 12:54

???

jhon
19 Nov 2008, 09:30

12
17 Nov 2008, 13:21

cccc

Josh
17 Nov 2008, 07:17

@Luc Brenner ... I won't be doing integration to 3rd party software without an outcry from the people in the comments here. Sorry

If anyone has done an integration of Animated Gif Captcha on some popular software (phpbb, vbulletin, pligg, ...) and don't mind sharing it here I'll love you forever and return the favor however I can, a strong link from this page or whatever.

DAOUT
06 Nov 2008, 09:58

Gonna give it a try ! :)

gh
03 Nov 2008, 10:54

seems to be workng, neat

Stefan
01 Oct 2008, 14:19

Great captcha !

Luc Brenner
14 Sep 2008, 20:14

Hi Josh, any instructions on how to integrate Animated Captcha with tectite formmail ? (www.tectite.com)? Tectite formmail is a very advanced form mail so I think it would be useful for others too. Thank you.

Luc

Josh
02 Sep 2008, 05:24

@dana

If you wanted to allow me access to your server for a bit I'd be happy to look into it for you as I've had several requests about how to hook this up with just using an iframe.

Just shoot me an email

dana
28 Aug 2008, 17:06

Jodh...
great apologises but I cannot get the amount of comments per page hack to work..most likely my own limited scripting knowledge in a php script is likely the problem here..
I've worked some in php without hassle, but I cannot get this hack to work..
thanks anyway..

dana
27 Aug 2008, 17:07

@josh,

Thank you for the hack, Josh..I'll give it a try and I appreciate the further advice for the iframe.

Josh
26 Aug 2008, 21:37

@ www.IdoNOTwantKids.com - I can't find this captcha on your site ... I checked out the register section.

However I'll try to answer your question, yes, bots can just scan the directory for a *register* file and assume that's the registration form (common sense). Integrating this directly into that form is really the only way to protect it.

If you really wanted to continue the path you are on just change the name of register to 3jl23lk23j4.php or something unique, perhaps move it to a different directory. This might keep directory scanners at bay.

But bear in mind, 1 successful captcha answer by a human reveals the hard file location ... so that's not very secure at all.

Josh
26 Aug 2008, 19:58

@rajen - The steps to install are located in the readme file in the download. There are also example scripts that you can use as a guide.

I'll help with any questions but I can't offer free services to install this for everyone, I hope you understand. It's a big internet and if I held everyone's hand I wouldn't have any time to do much of anything else.

I wouldn't consider implementing a captcha (any captcha, not just this one) to be a beginner level installation, it's a 4/10 difficulty level. You have to deal with includes & sessions. That said, $10 at the BST section of digitalpoint would get this installed without any problems.

@Dana - it sounds like the iframe comment section is submitting to the "parent" page and not the iframe itself. Try adding target="myframe" to your

www.IdoNOTwantKids.com
26 Aug 2008, 17:57

I got the script to work perfectly for my site: www.IdoNOTwantKids.com

After the person enters the correct answer, they are then provided with the link to signup page for my website. However, my question/concern is: won't the bots simply scan my entire directory and basically skip the prior verification page and simply go directly to the signup page? I COULD NOT FIGURE OUT HOW TO COMBINE THIS SCRIPT WITH MY INTENDED PHP FILE...

Is there a way to avoid this from happening so that the bots CANNOT access the signup page without first visiting this captch page?

peter
26 Aug 2008, 12:36

tets

find best on-line savings accounts
25 Aug 2008, 09:24

Cool blog
Thanks, webmaster.

credit unions with the best savings accounts
23 Aug 2008, 11:32

Coll blog, thanks.

Dana
22 Aug 2008, 14:56

@Josh..
Hey Josh..I got it to work better by just adding the '?' after the comment.php !!!! Thanks for that heading me in that direction.
Now I need to add a refresh button to the script as the only sticking point is the same Animated Captcha shows back up for the next comment to be entered unlesss the iframe page is refreshed..
ALSO..would really like to limit the amount of comments per page..any help here??
Thanks again.....

dana
22 Aug 2008, 14:46

One other thing..anyone know how to restrict the scriptsmill comment to a limited number of comments per page rather than running on indefinitely long?
Thanks

Dana
22 Aug 2008, 14:44

To:Josh
21 Aug 2008, 17:22

I really appreciate your sugestion of help.
I tried the script as you offer but it doesn't work at all.
Before I would get an error page but when I went back to the page with the iframe, the comment would be added..but I think the submit then going to a error page will inhibit people from adding their comments or realising they've possibly been added.
When usng your format it appears the comment has been submitted but when the page refreshes the comments has not been submitted.

I agree it should work since it works on its own page.

and I think I got it to work without the Animated Caprcha..but I need some verification process or else I get spammed and junked to death

Thanks again Josh..for trying..

Rajen Shah
22 Aug 2008, 07:52

I am beginner, Can any one send me the steps how to install this script in my web.
My mail address is rajen.shah2001@gmail.com

Rajen Shah
22 Aug 2008, 07:50

I am beginner, Can any one send me the steps how to install this script in my web.

Josh
21 Aug 2008, 17:22

@dana - If you can get this working on a page by itself, iframes should work perfectly. Here's a little code to help you out.

Suppose your comment script was installed here --> hxxp://www.domain.com/comments/ and you wanted the captcha working here hxxp://www.domain.com/about_us.php (or contact_us.php, index.php?p=15, ....).

On about us do this
<iframe src="hxxp://www.domain.com/comments/comments.php?page=<? echo $_SERVER['REQUEST_URI'] ; ?>" width="600" ....... ></iframe>

The above will give your comment a specific page so each section is separate, if not all your comments would be jumbled into one. Just a unique url is all it takes.

About the comment script .....

I'd love to make the switch away from scriptsmill alredy. Sadly everything else I looked at was pretty underwhelming.

To everyone: Any suggestions?

Sky is the limit (ajax, etc) but there are a few requirements.

1. php
2. mysql
3. GPL or LGPL license (prefered: LGPL)

Bring it on, you guys pick the best and I'll fit animated gif captcha into place and provide it for download.

Josh
21 Aug 2008, 17:14

Maik - I'd love to help you translate it to German, I'd further digg you providing me the images so I can include it in the download I provide. I'll give you attribution in the coding. Same goes for anyone else in other languages. Math is pretty multi-lingual but I'd love to see some language specific downloads.

Your problem with the images is probably the format of the picture. They must be in .gif formats and probably shouldn't have transparency (though I'm not totally sure about that).

If you're still having problems, wrap the photoshop/gimp file up or just save all the frames and email them to me (click my name). I'll save them correctly for you.

Josh
21 Aug 2008, 16:53

Hello all new users, I've not commented recently so I'll try to address everyone.

@Greg - I really can't say exactly what your issues are without having the ability to troubleshoot. The session definitely needs to be set on every page that uses the script.

ShadowHawk might have addressed your problem, when bringing up that his host wouldn't allow sessions. Have you been able to get any captcha to work?

Attention ShadowHawk's host: 1992 called and they want their servers back.

C'mon, sessions are the most secure way to keep track of a visitor, costs nothing and consumes a very small amount of memory. Surely we can get support for this stuff.

Thanks for your input ShadowHawk, it was greatly appreciated!

Thanks for using the script!!!

Maik
17 Aug 2008, 07:25

Hi Josh and community,

I tried to translate your images(0-9) into germany.
I did upload it, but now the text is insivible?

What did I made wrong?

Regards Maik

dana
15 Aug 2008, 14:43

I need to clarify my previous comments here. Using the scriptsmill comment script,
I can get this script to work somewhat if it is on it's own page, but not when I try to incorporate it into an existing webpage, which is where it is most useful.
I'd like to include in on the webpage within an <iframe>as I have with other php scripts...but it won't work at all within an <iframe>(any suggestions?)
Since the scriptsmill is really inadequate in terms of giving configuration and admin control over most aspects of it,
I'd like to get his fine script to work on another comment php but it doesn't seem to want to...any specific instructions available other than the readme text on using it with another php comment script??

Jonny
15 Aug 2008, 14:26

Great Script suits my purposes perfectly

Like Josh said down below

dont forget the <?php session_start(); ?>

at the top of the page

thanks everyone involved in this script

hope i can get my answer right

dana
15 Aug 2008, 14:17

This looked like such a great idea but after trying every way suggested it will not work.
I installed the <?php session_start();?> at the top of the php page but continue to get "Incorrect answer" when it is the right answer.
Of course, the scriptsmill comment script isn't that great to begin with..so I tried using the independent AnimatedCaptcha with a better php comment script and it didn't work there either. I tired a number of variations in trying to get it to work.
It also takes a very long time to run its course before finally revealing it isn't working.
I'm not a newbie at this..and I'm glad some people found success with it..
just not me.
I give up.

sonicpaint
09 Aug 2008, 21:40

For those who are getting the wrong answer to the question when it's right.

Check to see that you've added
<?php session_start();?> at the top of the page.

Nice script, I've customized my version to suit my needs but it's great. Thanks!

ShadowHawk
30 Jul 2008, 19:03

I previously tried to install the captcha on my website, but could not do so. After quite a period of time, I finally gave up. I would like to point out that the problem is not with the great script you have written, but it was on my end. My web site provider did not have PHP sessions turned on. So if anyone encounters a problem with the captcha reporting errors even if the code entered is correct, make sure your provider has PHP sessions turned on.

freeringtonesSuinnaSok
29 Jul 2008, 22:50

The site querythe.net is interesting resource, thanks, webmaster.

Joe
21 Jul 2008, 18:09

This looks like fun.

Phil
19 Jul 2008, 00:39

Absolutely amazing.
I'm only a beginner at PHP but got it going OK so it can't be that difficult.
Thanks heaps

Kai Middleton
16 Jul 2008, 02:37

Interesting.

Greg
15 Jul 2008, 18:39

Josh,

I wanted to thank you for your offer to help; however, after spending five hours trying to get the captcha to work today, I am throwing in the towel. I can't afford to waste anymore time. I am quite computer literate and I know I have done everything that has been advised. I have disabled the script and am in the throughs of of removing the captcha all together. I will have to try another captcha script. Again, thanks!

Greg
15 Jul 2008, 12:37

Josh,

Could you clarify which page you are talking about that requires "start of session"? If it's the index.php file, it's already there. Is it required any where else?

Thanks!

Greg

Greg
14 Jul 2008, 23:57

Josh,

I uploaded it right out of the box! Tried it both with firefox and internet explorer. No luck. My url is www.shadowhawksden.com/Comments/comments.php

Josh
14 Jul 2008, 21:53

@greg - shoot the url my way and I'll see if I can help. The biggest problem people have is not putting <?php session_start() ; ?> at the top of the page. This is insanely important.

Did you try to just upload the script and run it right out of the box? This is the best way to test since it will eliminate any coding errors.

Greg
14 Jul 2008, 17:50

I've tried every suggestion made and cannot get the script to work. It always reports an incorrect answer. I give up!

George
14 Jul 2008, 16:19

this is nice

Anonymous Poster
06 Jul 2008, 20:23

P.S.: Just SumbleUpon'd.

Anonymous Poster
06 Jul 2008, 20:19

Oooh; very nice. Props to the creators; especially for making it available for free.

<3

Al Red
06 Jul 2008, 07:11

This seems like a more viable option

Jennifer
04 Jul 2008, 08:18

First time to use it. Lets me see how good my sifering is :)

Josh
10 Jun 2008, 18:51

@Xtremegamer - The problem with that type of captcha is that you have to pre-program in every Q & A into the script. Not only is this very time consuming, but also spam bots can be programmed to read the question and understand the answer.

I chose to go away from gd/jpg & text based captchas for a reason ... people break them all too easy. I'm sure one day the animated gif will be able to be read by a program. The technology is there but the simple fact is that nobody else uses this type of captcha so it's really flying under the radar at this point.

Nothing is forever though, I'm not kidding myself.

And yes ... if you can't do single digit math, you won't be able to pass the captcha. My daughter was doing this with a 100% success rate at 9 years old. If you can't get the correct answer, you have no business being on the internet.

themobileguru
04 Jun 2008, 01:33

very clever

Ivan Avery Frey
03 Jun 2008, 23:18

Interesting

cbravo
03 Jun 2008, 10:19

Excellent idea...

Johnny
03 Jun 2008, 08:08

very good - better than twisted letters

Xtremegamer
03 Jun 2008, 07:43

You can allways choose a different question to solve like what color is this banana ...

P.S.= calculators were invented for a reason.

Juanda
03 Jun 2008, 04:53

Hi, I'm just testing this functionality...seems to be great!

John
03 Jun 2008, 03:45

@floyd:
if you cannot do basic math, you probably shouldn't be on the internet posting comments.

floyd fisher
03 Jun 2008, 00:45

Nice idea, but what if the person in question cannot do math?

Vinix
02 Jun 2008, 23:29

Cool! Would you have a .NET version? Please let me know when it come out.

iFX
02 Jun 2008, 21:21

good idea...

bill
02 Jun 2008, 15:21

ok, it... FINALLY

David W
02 Jun 2008, 13:55

looks good - must try it8

Josh
02 Jun 2008, 12:07

@khan - The error reporting should not make a difference in the successful implementation of the captcha. Just make sure session_start() ; is at the top of the page and no errors should occur. Glad to see you got it working though.

@Grayson Peddie - When you do the translation please send it over. I'm no jedi with ASP but would love to add your implementation of this script for future readers. Will return link .. thx.

@David - One thing I will be clear about is that this system does not require cookies, it uses session variables which take place on the server (host) and not locally on your machine.

I do find it odd that you unsuccessfully tried the captcha for 5 minutes yet I did not get one single incorrect answer come from your ip address. (Yes I log this stuff).

If you just want to post a comment type "asdf" like everyone else and try it out instead of posting incorrect statements that mislead people reading the page. I simply delete jibberish instead of leaving them afloat with the rest of the feedback.

Grayson Peddie
02 Jun 2008, 08:53

Nice Animated Captcha.

I'm thinking about implementing this in my ASP.net website.

Thanks!

David
01 Jun 2008, 19:27

One thing we must be clear about when using this technique is that the browser must be accepting cookies for the CAPTCHA to work. I just spent the last 5 minutes wondering why every single answer I gave was deemed to be incorrect.

Testing
30 May 2008, 14:09

Just wanted to see how this work. Cool idea!5

khan
02 May 2008, 08:28

@Josh

thank you for your words!

Well, the code was installed correct.

I solved the error thing by another trick and it worked :)

i switched off error reporting from comments file of comments script and it worked perfect!

i put:
error_reporting(0);

at very start!

and uncommented the session_start();

It works fine now!

Thank you for your support!

Josh
30 Apr 2008, 13:36

@khan

After uploading AnimatedCaptcha v1.4 go to the page example.php. Don't change the code in any way. This will show you the script working on your server.

For adding the script to an existing page or layout , the 1st thing you will want to do is to add <?php session_start(); ?> to the very top of your page. This will start a session that logs the correct answer on your server. It's probably the most important part of the installation and the one most commonly messed up when implementing this free php captcha into an existing page.

My name links my real email so feel free to send any specific code or installation questions to that address and I'll be happy to help you get this captcha set up on your server.

asdaa
30 Apr 2008, 05:16

himmm good

khan
30 Apr 2008, 03:06

@Josh Storz

yes, you are right, actually it gave me session already sent error, so i commented session_start(); in order to get rid of this error.

Can you tell me how can i solve this issue? if i turn on my session_start, it gives me error, and i don't know where are headers already sent?

should i need to move my code or do something different?

Josh Storz
29 Apr 2008, 18:31

Thanks to all the new users of this free php captcha script. Anyone who has any problems with installation of this script please hit the "Contact QueryThe.Net" link above and give a pretty good explanation of what is going on.

@ khan - "my one is giving error for every answer" probably means that your session is not set at the very top of the page (even before the <html>). If a session is not set correctly on the server the answer will always be wrong.

Feel free to contact me directly if you can't get it working and I'll see if I can help you more. It works quite well, I promise

khan
29 Apr 2008, 12:59

my one is giving error for every answer

ben
24 Apr 2008, 10:57

gonna try it

Sergei Kretov
07 Apr 2008, 03:54

Good captcha! :)

Josh Storz
05 Apr 2008, 22:18

@ cliff >> sorry no audio component is available though I considered building one on a while ago. If there is a serious outcry I might consider it again.

@ Jim >> example and script has worked beautifully for everyone I've spoken with. Shoot me some details if you need help getting it worked out. I think you might have posted right after saying it didn't work ... answered that question yourself did you?

By the way ... this captcha class just passed 1,600 downloads ... this includes the class as an individual and included with this comment script. Thanks to everyone for making this such a successful little script. This number does not, however, include the number of downloads from phpclasses or hotscripts ... If I had to guess were somewhere around 2,500 total downloads right about now.

cliff
04 Apr 2008, 16:49

does it have an audio component for the blind?

Jim Dillon
18 Mar 2008, 14:52

This is cool, I guess it only lets ya post a real comment.

Jim
18 Mar 2008, 10:48

The downloaded comment with captcha doesn't work for me and neither does youe example. Can you clarify?

Google
12 Mar 2008, 11:37

It's googlebot, your captcha is a piece of cake.

Josh
22 Jan 2008, 15:46

Spam has been coming in and it's not going through animated gif captcha section of the comment script. What does this mean? Well for starters it's not a breakdown in the captcha script ... it's not going through that filter at all.

I have recently added a check to see if a url is referenced in the text that is being entered. The thinking is that if someone is here to spam, they are probably dropping a link while doing so.

This workaround has been effective so far. If anyone knows of a good comment script that is better at keeping people from dropping links than the scriptsmill one, please suggest it here and I'll drop this crappy comment script like an ex-girfriend and put out an industrial strength one for you guys to use with animated captcha embedded.

GabrielLins
04 Jan 2008, 15:17

THANKS!!!!!

farty joe
04 Jan 2008, 13:55

Cool...

anominous
19 Dec 2007, 14:27

It works!

Josh Storz
14 Nov 2007, 10:16

Welcome all the new users of thiscaptcha system & thanks for the comments.

@Bentley - no pain ... no gain :]

@moka - a better explanation of why the system is no fully working would be in order. Dozens have successfully installed this so if your system has a problem I would love to hear the specifics and help you get it worked out.

@levi - Thanks for the comments. One of my fears for this is when it does become widely used it will get more people trying to break it. I don't think this can be avoided.

What makes this more secure right now is that it is uses animated gifs instead of flat jpg/png images. Not many are using this technique currently. Using flash pictures might be a bit safer but this technology is like javascript ... not everyone has it active in their browsers so it would be excluding a % of your users. Every browser reads animated gifs so it's a safer option than flash or js.

Straight OCR would not work because of the captcha is not a flat picture. In order for someone to break it programmatically they would need to slice out each frame and extract the math involved. I'm sure this can be done, but you are absolutely correct about the issues with it being widely used. When many pages have this security in place, the stakes will be higher and some crackers will start trying to break it.

I make no guarantees of this working 100% of the time forever, that would just be foolish. That being said, I am having much better success with this than I have with any captcha system I have ever used previously.

levi
13 Nov 2007, 12:14

I like the innovation.. as well as the math practice... but if a bot can OCR an image.. what do you think will happen if/when CAPTCHA becomes widely used? i'm pretty sure computers are better at math than most humans :)

moka
02 Nov 2007, 23:21

not working fully

steve
31 Oct 2007, 10:57

cool

Bentley
15 Oct 2007, 18:29

This is kinda cool, but kinda painful at the same time....

Josh Storz
01 Sep 2007, 10:13

@Chris - Thanks for your comments and I am always looking to improve the program. There are 2 issues that I have with implementing something similar to what you are suggesting

1> Plain text will not work as bots are already accustomed to reading text. Just scrape and add (or - * / ), I could write something to get around that in minutes. Now breaking down an animated gif is much more challenging, which is what led me to create this project.

2> I think you might not be giving enough credit to your users. My 9 year old figures this out easily, I doubt there is a market for websites that use CAPTCHA for people under 9. + math makes it non-language specific. True, there is some english there but if you can recognize numbers then you can get past the captcha.

Also, all numbers in the questions are single digit by default. All answers are positive numbers. This can be easily changed by modifying the code but I wanted to make this as simple as possible right out of the box.

@Sven - I totally agree. I have seen some around the net that allow this. I guess I chose a good comment script (but not great) to use AnimatedCaptcha with. BTW: I am not affiliated at all with Scriptsmill (they won't even return my emails).

Any suggestions for a better comment script can be left here and I will integrate it if I deem it worthy of our time.

Chris
29 Aug 2007, 13:53

If simple math is your captcha, then plain text will work just as well, because 'bots aren't programmed to expect it.

Chris
29 Aug 2007, 13:50

this isn't bad, but you would be amazed how many really stupid people there are out there on the Internet. In my experience, a good 10% of users could not figure this out, especially if asked to multiply double digits. However the technology could be used to good effect if you simply flash a moving number or word.

Sven
20 Aug 2007, 15:07

This is a great addon to the comment script, now it only needs one more thing to fill my requirements: moderation (no direct updated comments, it has to be accepted by admin first ;)

Josh Storz
16 Aug 2007, 21:21

Terry,

I would really have no idea without seeing the script in action, and even then I would have to look under the hood (see the php not just the output html).

Perhaps you do not start your session at the top of the page then when someone does not enter an answer it matches. A quick check to see if that is the problem would be to insert something in the answer column. By doing this 'N' == '' would not work whereas '' == '' would.

Make sense? Send the url through my contact page and I'll take a looksee.

Mark
16 Aug 2007, 13:10

Nice idea!

Terry
12 Aug 2007, 15:54

The problem I am having is that you do not have to put anything into the answer box and just hit submit and it will go through. So I am not able to block any spam at all. I am sure I did something wrong... but what?

Roel
05 Aug 2007, 16:10

This looks interesting

charly
04 Aug 2007, 04:43

awesome

Boatswain
25 Jul 2007, 13:31

Yes Josh, I noticed the spam here and the amount is simulair as the ones I got in my comments.

Josh Storz
25 Jul 2007, 00:47

As some of you have noticed, some bb style spam has gotten through this comment script. The scary part is that they have totally bypassed the captcha system. This I know because I get an email each time the captcha is answered ... I get nothing from these spam attempts.

In some previous comments, users have discussed direct db insertion by crackers. I still don't think this is possible, but they are abusing a weakness in the scriptsmill comments script. I am looking into this and should be able to point out the weakness in the near future.

Josh Storz
03 Jul 2007, 15:13

Tim => Writing an IP blocking script is not terribly difficult, but the easiest way for you to achieve this would be just to block comments where the characters are > 500

<? if (strlen($_POST['comment']) > 500) { exit; } ?>

You can also use a spam word list and see if viagra (or whatever) exists in text before allowing the comment. Some resources

http://www.google.com/search?num=100&hl=en&q=spamwords.txt&btnG=Search
http://www.sitepoint.com/forums/showthread.php?t=478768 << This shows you how to set one up.

=> progpat - No bugs in the script that I know of, a link and more details would be useful for troubleshooting.

For anyone that is receiving the wrong answer ... please make sure session_start(); is the 1st line of your script. AnimatedCaptcha relies on a variable stored on your server to work and will always show the wrong answer if that line is not the first thing php reads.

=> Boatswain - I think removing just the link will not work, you must delete the script all together. I do not know of a way to inject data directly into a db without a script (SQL at minimum) liaison to insert the information.

Of course, there are always people smarter than I and I guess I would not close the door on it completely.

IN OTHER NEWS: AnimatedCaptcha was just nominated for the PHP Innovation Award for June 2007 from phpclasses.org Feel free to visit the link at the top of the page and place your vote!!!

Tim
30 Jun 2007, 15:54

Boatswain, I know what you mean!! I have deleted the comment form from one of my pages and somehow the comments keep on coming! How in the world is this possible? What I mean is, though there is no place to leave or view comments, I continue to get e-mail notifications of new comments on the page, and new comments do indeed appear in the database. I am going to try changing my DB password to see if it has any effect. Thanks for the info.

-Tim

Boatswain
27 Jun 2007, 08:43

Tim, you can set the time between postings in the config.php (anti_flood_pause) and I also thought there was an option to set the amount of characters but can't find it anymore.
Sometimes I think those spammers can post directly into the database.
When I was installing this newest version I made a complete new database and the link to the commentpages was not there anymore. But still the spamm messages kept comming.
I had to delete the older database to stop it.

progpat
27 Jun 2007, 01:16

I also give the right answer, but it says that the answer is not correct.

Is it a bug ?

Tim
26 Jun 2007, 19:00

Thanks for the info Josh...I'm new to this and not sure how to check my logs, but I'm getting around 40 posts of this Casino/Phentermine spam daily. Each comes from a different IP address. Does this sound like a bot or human?

How hard would it be to make a script that blocks any IP that tries to submit a post containing >500 characters for, say twenty minutes? The spam I'm receiving is all in very long posts but my regular users generally post nothing over 300 characters. Just an idea that would have limited applications but which would probably help a few people.

Shaz
26 Jun 2007, 15:27

hehe nice captcha.... it works great ! and it looks nice, good idea guys!

Josh Storz
26 Jun 2007, 08:36

@Boatswain - Very true about spammers, this is a very profitable business and as long as you can drop a few links in comment scripts to get ranked well someone will always be there to cheat the system.

As far as your users getting the wrong answer when it is right, this is a good question. I have not noticed it so far with any of my installations. How frequently does the system get confused like that? I really can't see a reason why.

Animated Gif Captcha has only been released for a month or so, but it has been tested for many hours by my daughter as a math refresher. It might have some problems but as long as your server allows session variables .. it should work as expected.

@Tim - At the top of this comment script I have a quote ...

"Bot-spam free thanks to AnimatedCaptcha. Nothing can stop a human :]"

I too have not not received any automated (bot) spam anywhere I have installed this, which recently includes some phpbb forums that were being spammed. Humans can, and will, abuse any system that allows them to drop a link. This really isn't worth the time for most spammers so this type of spam should be at a minimum.

Also, it is possible for bots enter random numbers to break in (brute force). There are 125 potential Q&A with the default installation of this script so they won't get it right too frequently. If this is what is happening you should see evidence in your log files.

Boatswain
26 Jun 2007, 08:12

@Tim,
Are you sure that they are spam bots and not humans ?
So far I still have no spam messages but I'm affraid that as long these spammers are around, no matter what we do we can't prevent it.

Tim
26 Jun 2007, 01:19

Boatswain, I haven't seen that problem yet with the install I did on my site. On the other hand, I am still getting lots of spam. How are these bots getting past this script? I wonder if they are smart enough to enter random numbers (and occasionally get one right). I am not able to post a comment on my site without entering the right number so it seems the script is functioning properly. I'm getting "Casino Games" and "Phentermine" spam.

Boatswain
25 Jun 2007, 08:22

There are users complaining that they give the right answer but after submitting it says that the answer is not correct. Is it something in my settings or can it be a bug ?

Tim
24 Jun 2007, 18:57

I am having the same issue as Boatswain (no update.php in the zip file). I wrote to Scriptsmill about it and hopefully they will update the zip on their servr to rectify the issue.

Boatswain
13 Jun 2007, 11:30

Hello Josh,
Well I was cheering a little to early yesterday. The animated captcha was in the comment section but when I made some test postings I could submit without entering a number, just an empty field. So I think something gone wrong with upgrading Scriptsmill version 1.1 to 1.3. So today I made a backup of my comments database and created a new DB, installed the version with your captcha and after making some test postings it seems to work fine now.
Would be great to make a support section here, that's what I miss and also on the Scriptsmill site. Allthough I'm not a scripter, maybe I could help others.
Thanks again and greetings, Marjon

Josh Storz
13 Jun 2007, 10:34

@Boatswain - Glad to hear you got it up. If you took notes during the upgrade process, feel free to email them to me and we'll document it here with the script. I personally have never upgraded and dealt with this. I did recently added AnimatedCapture to phpbb and will document how to do this in the near future.

It sounds like soon we will be adding a section of this page for implementation into popular scripts.

@RobIII - Great catch. Sometimes it's the obvious things that you miss while scripting. I have updated the script and released v1.3 (both downloads above). Thanks!

RobIII
13 Jun 2007, 04:52

Not very smart to show the "correct answer" when submitting a wrong answer. This way a bot can "learn" the correct answers (hash of the captcha image should be enough) and try again after learning enough variations.

Boatswain
12 Jun 2007, 13:05

Got it !! :-)
Just had to change the default template to the AnimatedCaptcha.
Would have saved me lots of time and sweat if it was documented somewhere. Anyway, it seems to work. Now let's hope it keeps those botspammers away.
Thanks for this script :-)

Boatswain
11 Jun 2007, 06:45

*Name:
Email:
	Notify me about new comments on this page Hide my email
*Text:

*Answer:

Secured by Animated Gif Captcha Powered by Scriptsmill Comments Script