Spam Bots and CAPTCHAs

Recently I analyzed HotScripts.com section “PHP :: Scripts and Programs :: Security Systems”. Looking through the all 9 pages, I identified 5 categories:

* CAPTCHAs,
* crawler protection,
* login, users, groups, roles, rights, authentification,
* data encryption,
* PHP and HTML source code encryption.

As one expects, the biggest category is “CAPTCHAs”. But how to select the best one?

I’m very sorry to disappoint you, but I have no answer. I think I know some criteria to decide if a captcha is good or bad (more on it later), but analyzing each of 30 scripts is a bit too hard work.

Fortunately, in programming, we usually have a correlation between the quality of a tool and its description. This way you can semiautomatically disqualify the most of the script.

Print this list, strike out what you dislike and write in comments what you’ve got. I’ll try manually review the scripts which get votes.

• Advanced Textual Confirmation: install CAPTCHA in 1 minute.
• Animated CAPTCHA validation images Volume 2
• Animated Math Captcha
• Captcha
• Captcha Creator php script
• Captcha Splasher
• Captcha Verification
• Captcha ZDR - powerfull captcha tool
• Captcher
• Click Captcha
• Cryptographp free CAPTCHA
• easiCaptcha
• HKCaptcha
• Honso_CAPTCHA
• Human Pictcha
• identiPIC photo CAPTCHA
• Image Form Valuator v1.0
• Image Validator
• MathGuard
• myCaptcha
• PHP Captcha Script
• PHP Captcha System. No DB required
• PHP Spam Terminator - protect your site from annoying spam posts
• plx Turing
• Sec-Code
• Securimage CAPTCHA Class
• Security Images (Captcha) v1.2
• Simple Random Character Verification script 2
• Solmetra FormValidator
• submitTroughImage

Advanced Textual Confirmation: install CAPTCHA in 1 minute.
Advanced Textual Confirmation is an universal antispam for forums, blogs, contact forms, and others. It is a smart textual CAPTCHA, which challenges site visitors only once, and then disappears. To install, no database required, no graphical libraries required, just insert one line into your script.

Animated CAPTCHA validation images Volume 2
This package is an alternative animated CAPTCHA generator tool. This package can be used to create animated CAPTCHA images for website validation. To decode of these CAPTCHA images are more difficult by web bots, the execution time of image generating is faster and better than volume 1 package.

Animated Math Captcha
The first script creates a static JPEG image with many features, easily and fully customizable. The second script is a math captcha. that creates an animated gif showing a sum, always partially visible (three kinds of animation). Spambots and OCR softwares can never see the complete sum.

Captcha
The name of this project tells everything by itself ! It’s a little captcha generator which creates human-readable check codes which will keep you away from spammers and flooders. It requires GD library, Session handling and some files linked at the bottom of this page.

Captcha Creator php script
Captcha Creator is an easy to use PHP Script that generates unique, highly customizable Captcha Images, very useful for web forms to stop automated submissions. The script needs only PHP and GD library, no SQL, no PERL, no other stuff required. A large collection of fonts, backgrounds, and text variations in size and placement are available to ensure that spam bots can NOT break it, while humans will always read it easily. Is very easy to install on any website with php support, and can be used to stop automated submissions on web forms such as: Guestbooks, Blogs, Wiki, Comment, Feedback forms and other types of web forms. The script generates a new, unique Captcha image everytime your page where you placed it is loaded, stopping automated submissions and spam bots from filling your form with junk data.

Captcha Splasher
Captcha Splasher is a random image number generator security tool. Its purpose is to prevent automatic signups or signins by robots or computer programs, with the intention of spamming the system.

Captcha Verification
CAPTCHA is the mthod of security that many websites use now. It generates random numbers and/or letters and produces them inside an image. This is done by the use of GD in PHP.

Captcha ZDR - powerfull captcha tool
This is simple, complete and powerfull captcha tool written in PHP for protecting your web FORMS from spammers.Under GPL. A good solution for this is to use an random code that is generated by a script the code will be displayed as an image so only a person could read the image and type the number. “Captcha ZDR” offers several methods of captcha protection, different fonts, string protection, calculation protection (sum and deduction), noise in image, string symbols are hard for reading from spamer machines. * 8 unique backgronds for captcha image. * Easy to install in your web pages. * No DataBase required. * Hard Protection $_SESSION[’captcha’] variable contain RIGHT result from CAPTCHA image. You can use example.php and example_submit.php for more information.

Captcher
Security code image generator and verifier. Requires GD support (most modern PHP installations) and mySQL. No image caching required. Configurable fonts, colors and captcha lengths.

Click Captcha
Stop the form spammers without aggravating Your customers or members. Works in IE 6 & 7, Firefox 2, Netscape 8.1 and Opera 9.1 browsers. Requirements - php >= 4.3 with GD support. Click Captcha is a randomly generated gif file that is dynamically displayed in a random area below form with 9 random color combinations and the click number is randomly displayed to the right or left making 18 different images with random numbers from 11 to 99 the generated gif file is less than 0.39 KB.

Cryptographp free CAPTCHA
Crypographp is a free PHP script for install a CAPTCHA on your web site: forms for example. It’s a Open Source project. Compatible with PHP 4/5/6 www.cryptographp.com

easiCaptcha
easiCaptcha is a captcha that you can add to your web forms easily and quickly, it consists of 2 php scripts, a decrypt loader folder and a configuration file that you can use to adjust easiCaptcha’s preferences if you feel you want to. You need no knowledge of scripting, in fact it can be as simple as dropping the scripts and loader folder into your form directory on your server and adding two lines of php to your form.

HKCaptcha
Unlike many other free captcha implementations, this captcha is designed to be extremely hard to crack for computer programs. No fancy colors here that a determined attacker can filter out more easily than a human. The website has a demo page to test the script. Requires the GD library.

Honso_CAPTCHA
This CAPTCHA has three main features. Including several random colored lines that are arranged randomly, random image background color, and random text position. This allows humans to read the image, but not robots or computers.

Human Pictcha
ZZEE Human Pictcha is a protection in a form of an image (a captcha), which can be embedded inside your web forms, and which will filter out various forum spam, guestbook spam, form spam, signup spam, password attacks, etc. It is a library and a set of tools and examples for PHP and can be used with Perl as well. Human Pictcha is fairly easy to install and embed into your existing PHP or Perl forms. You can download a free demo version to see if it is compatible with your web site and how easy to use it in your forms. Human Pictcha comes with the full open source, which is a big advantage. - For PHP or Perl forms - Easy to setup and maintain - Full open source - Compatible with the typical webserver setup - Secure and hard to defeat by OCR - You can tune it to match your website looks - Complete documentation - Image code can consist of digits and letters or only digits - Trial download available - Online demo available

identiPIC photo CAPTCHA
This CAPTCHA uses pictures instead of characters. The user is invited to identify a picture (or pictures) to proceed. It can be used on any web form. It doesn’t use a database. It is extremely simple to install with very minimal code. It stops spambots and the like because they cannot tell what a picture is of. Includes free, friendly support.

Image Form Valuator v1.0
This script generates images for CAPTCHA ( Completely Automated Public Turing test to tell Computers from Humans Apart ) validation tests, make coded string and compare users input. This script was made as simple as only possible. It doesn’t require any additional libraries or user session, it use only common PHP functions. This simplicity is helpful in case your hosting has lack of abilities.

Image Validator
Image Validator is a GPL CAPTCHA php script to stop spam on any form: comment areas, sign-ups, shopping carts - any area of your website where you fear the evil spammers may target.

MathGuard
This PHP class inserts a small piece of HTML code into your form - an expression consisting of two random numbers, one text input field for user’s answer, and one hidden field with the hashcode. When user submits the form with the answer, the answer is being hashed and compared to the security code that has been submitted as well. This way you can easily protect your forms from the spambots.

myCaptcha
myCaptcha is a selection of php scripts that enable you to implement a Captcha mechcanism within your projects or site.

PHP Captcha Script
This script is a captcha script that you can use on your website to block SPAM being submitted in your forms.

PHP Captcha System. No DB required
Easy to install captcha system to keep bots from making false submissions to your web forms. Requires PHP. * Customizable Colors * Choose # of characters in string. * Choose # of interference lines. * Choose character set (numbers, letters, uppercase, lowercase).

PHP Spam Terminator - protect your site from annoying spam posts
PHP Spam Terminator will stop robots from using a form to send spam. It displays random characters which the user must enter into the box to continue the script, if they are entered incorrectly or not at all, the form will not be processed. To install, no database required, no graphical libraries required, only one php file and add some code into your script. * Easy to install, only less than 50 lines of PHP code. * Generate verification image dynamically. * No graphical libraries required. * No database required

plx Turing
Add more security to your site with this turing number generator! Probably you have seen this kind of security measures taken on most serious sites - yahoo, moneybookers, stormpay and so on. You can add this great feature and please your site members with more securty. When login, signup or whatever security forms are submited on your site you can show randomly generated security code which the user should input in a text field for verification. This way the script blocks the hacker programs from try to submit a form. The hackers programs and robots can not read the generated security code from the image as this number is always different and looks different. The code text is disordered but still remains readable by humans and unreadable by programs, scripts or robots. You have total control on the size and the look of this image - from colors and sizes to font family and character rotation. Easy integration! Usage example included!

Sec-Code
This PHP script creates an image with a security code that can be used to protect e.g. your guestbook from spam. It requires PHP 4.1.0 or higher with session support and GD library.

Securimage CAPTCHA Class
NEW VERSION!! A highly customizable PHP CAPTCHA image class for generating CAPTCHA images to prevent programs from filling out your forms. This does everything from create and output the image, to validate the code entered by the user in the form. It can show an image in just 3 lines of code, and validate the text in about 6 lines. This supports variable length codes, user defined character sets, custom TTF fonts, custom colors, multi-colored letters, skew lines through text, optional lines to obfuscate text, angled text, transparent text and more. Includes several examples.

Security Images (Captcha) v1.2
Add Captch security images to your website, With 6 different backgrounds and fonts.

Simple Random Character Verification script 2
A validation script that displays random characters which the user must enter into the box to continue the script, if they are entered incorrectly or not at all, the form will just reload. It uses hashed cookies to stop bots from reading the code. It will stop robots from using a form to send spam. It’s a foundation to either experiment with or add to a form.

Solmetra FormValidator
SOLMETRA FormValidator is a PHP class used to validate web forms against automated submissions. The process involves generating and displaying a distorted image of secret phrase which is readable to humans but completely incomprehendable to machines - even to OCR programs. This protection mechanism is known as CAPTCHA (completely automated public Turing test to tell computers and humans apart).

submitTroughImage
A small but usefull spam/flood form submit protection. This class can produce a image with a random string and a form input. When the form is submitted, the string from the form input can be matched against generated string in the image. When they match, the submition can proceed. The random generated image string will be matched against a session var or against a file on the server disk, depanding on the backend you’ve choosed. Default backend is the session backend. Some of the features: * One or more random colors. * One or more random TTF fonts. * Random rotation. * Custom background color or image. * Transparent background with anti-alias of string. * Hardcoded or variable (liquid) dimentions of the image. * Colors can be filled as HEX or as RGB values. * String/code type can be only numbers, only letters or both. * Backend by session or server disk space.