Animated Gif Captcha - Industrial strength protection for your comments, blogs, ....

Discussion in 'PHP' started by ErectADirectory, Jun 8, 2007.

  1. #1
    Fighting spammers in frames with PHP and animated gifs!!!

    Download: http://querythe.net/Animated-Gif-Captcha/

    Regardless of what your site is about, if you allow user interaction in your blogs, directories, forums and most other scripts, you are just asking for spam. Nothing can keep a human away, but spam bots & other malicious programs we can do without. In order to make their life as tough as possible, AnimatedCaptcha was born right here at DP just last week.



    I’m going to cut out most of the sales pitch since I’m giving this tool away totally for free, not much of a need to pump anybody up. What I am going to do is dazzle you with some awesome features that make this version of a captcha pretty smurfin’ special.

    • AnimatedCaptcha produces a gif whose number of frames and time in between frames are totally random (this makes breaking it quite hard)
    • Math based and easy enough that my 9 year old answers every question flawlessly (young person friendly)
    • Easy on the eyes, no twisted or contorted letters (old person friendly)
    • Session oriented so no “on the page” clues left around for bots to find
    • Not dependent on the GD library … or anything else for that matter. Any LAMP hosting environment will do.
    • OOP for PHP 4 & 5 implementation (thanks KrakJoe)
    • 125 default Q&A (more can be added with a few minor changes)

    I’ve got 2 downloads set up for this script. One is a stand alone for you to implement it however you want. The other has AnimatedCaptcha set up with a nice little comment system so you can see it implemented.

    Comments and criticisms totally welcomed here. All captchas have their weak points, not many of them exist with AnimatedCaptcha but I'd rather you guys point it out so I can fix it rather than have deficiencies exploited by a spammer.

    Enjoy!

    BTW: If you'd care to write about this tool, feel free to append the url of the link with your adsense id like this (http://querythe.net/Animated-Gif-Captcha/?adsense-id=pub-7464867846280233) and I'll show your ads at the top of the page so you can make some advertising $$$ off of your users.
     
    ErectADirectory, Jun 8, 2007 IP
  2. SeLfkiLL

    #2
    It's a pretty creative idea, but can't a bot just download the image and use a GIF library to look at each frame one at a time (I know there are plenty of tools out there to decompile a GIF image into its respective frames)?
     
    SeLfkiLL, Jun 8, 2007 IP
  3. krt

    #3
    Yes... industrial strength is a far-fetched claim. This is easier to crack than some of the obfuscated ones; however, it is a nice balance between usability and protection from spamming.

    Time between frames being random doesn't do anything, it's not like someone is setting up a software to take screenshots - if a web browser can show the animation frame by frame, so can a bot. Random number of frames might be a small hurdle.

    Anyway, to make this more secure, you would have to use techniques to obfuscate the text but then you have a problem... it will take a long time for a human to read. Otherwise, with such a readable font and number/symbol alternatives, this is a gimme to spammers.

    I prefer normal CAPTCHAs to animated ones from both an end user and web site administrator point of view, if animated ones were this simple to produce and worked nicely, I'm sure one of the many others who would have thought of this would have implemented it already.
     
    krt, Jun 8, 2007 IP
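
What posts #2 and #3 describe, as an added example that is not part of the thread or of AnimatedCaptcha: a minimal GIF block walker showing that the frame count and the inter-frame delays are plain fields in the file, so randomizing them hides nothing from a program that reads the bytes. The sample animation is constructed inline and the function names are hypothetical.

```python
import struct

def skip_sub_blocks(data, pos):
    """Step over a chain of length-prefixed sub-blocks; return the next offset."""
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def frame_delays(data):
    """Per-frame delays (1/100 s) read from the GIF block structure alone."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    pos = 13                                  # header + logical screen descriptor
    if data[10] & 0x80:                       # global colour table present
        pos += 3 * (2 << (data[10] & 7))
    delays, pending = [], 0
    while data[pos] != 0x3B:                  # 0x3B = trailer
        if data[pos] == 0x21:                 # extension block
            if data[pos + 1] == 0xF9:         # graphic control extension
                pending = struct.unpack_from("<H", data, pos + 4)[0]
            pos = skip_sub_blocks(data, pos + 2)
        elif data[pos] == 0x2C:               # image descriptor: one frame
            packed = data[pos + 9]
            pos += 10
            if packed & 0x80:                 # local colour table present
                pos += 3 * (2 << (packed & 7))
            pos = skip_sub_blocks(data, pos + 1)   # +1 skips LZW min code size
            delays.append(pending)
            pending = 0
        else:
            raise ValueError("unexpected block 0x%02x at offset %d" % (data[pos], pos))
    return delays

def build_sample(delays):
    """Constructed 1x1 test animation with one frame per requested delay."""
    out = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + bytes(6)
    for d in delays:
        out += b"\x21\xF9\x04" + struct.pack("<BHB", 0, d, 0) + b"\x00"
        out += b"\x2C" + struct.pack("<HHHHB", 0, 0, 1, 1, 0)
        out += b"\x02\x02\x44\x01\x00"        # LZW data for a single pixel
    return out + b"\x3B"

if __name__ == "__main__":
    sample = build_sample([7, 120, 33])       # constructed "random" timings
    print(len(frame_delays(sample)), "frames, delays:", frame_delays(sample))
```
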
  4. ErectADirectory

    #4
    I have a demo set up for users to play to see if they like it.

    I'm sure it's possible, but the question is ... how many are currently doing it? Nothing is forever on the internet and anything we throw out there will eventually be programmatically beaten.

    I don't claim this to be the best captcha ever, I just think it's the easiest I've ever seen to read and it provides security in ways that flat pictures simply can't.

    A balance is definitely what I am shooting for with this. I am, however, overly concerned with user friendliness. I think this might be the easiest captcha to read and comprehend I've ever seen.

    I have actually given thought to this. If I put a very light gray background that changes behind the number, would this deter a bot significantly? My thinking here is more about processor usage of the bot than making it harder to crack. If they have to break down 50 frames and do significant scripting for each, cracks might have a risk / reward issue at hand.

    I've actually never seen one documented and released. I have found some references around the net but nothing I could sink my teeth into. Send me a PM with a link if you don't mind.



    I think that saying that any captcha system is unbeatable is a farce, every script can be broken into. What works now, might not work next year ... or even next week. My point being, it will be quite some time until spammers add breaking animated captchas to their bots' standard functions. And the tougher I can make their life, the better.

    Traditional (GD/jpeg) captchas are falling by the day:
    Gimpy is successful 92% of the time at breaking automated captchas

    And then there's this guy who famously breaks well known captchas. Some of the sites listed that are breakable are pretty impressive (phpbb, PayPal, LiveJournal, ...).

    That anybody would like a traditional captcha enough to say they prefer it is beyond me. GD captchas are, however, far better than word captchas which are high maintenance and can be broken programmatically. Flash & Javascript captchas are better by definition but depend on the user's settings as to whether they will work or not.

    I'm hoping this solution will end up the lesser of two evils. Good for the user & Good for security.
     
    ErectADirectory, Jun 9, 2007 IP
  5. ansi

    #5
    Well put, EAD. As of current I doubt there are any bots cracking these, but that isn't to say that it won't change, as with anything else. Still don't like the voice idea though :)
     
    ansi, Jun 9, 2007 IP
  6. krakjoe

    #6
    It would seem like a bad idea, but then if you have a site that requires catering for poorly sighted or partially blind people then it might actually pay to have the option for those that need it. Definitely it's crackable, still think it's a good idea to have it available though.
     
    krakjoe, Jun 10, 2007 IP