In association with heise online

01 July 2010, 17:37

NuCaptcha Flash CAPTCHAs to combat spambots

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom The text scrolls, the ball rotates and the flag flutters - a difficult task for spambots.
"Completely Automated Public Turing tests to tell Computers and Humans Apart" (CAPTCHA) technology is designed to generate phrases that while still legible to humans, cannot easily be machine read. Its purpose is to defeat the tools spammers and criminals use to automate tasks such as the setting up of accounts in forums and with email services.

Usually static images are used, but the software from NuCaptcha generates animated CAPTCHAs to make automated machine reading even more difficult, while actually increasing legibility for humans. Animated CAPTCHAs themselves aren't new, but animation was only used to do things like hiding part of a character string with a bouncy ball or other graphic objects, or superimposing moving grid lines.

NuCaptcha uses a different approach and animates the character string in a Flash video against a moving background that includes other elements. According to the developers, this means that it isn't necessary to distort the character string to be recognised as much as with conventional CAPTCHAs, allowing it to be more easily recognised by humans, while the large number of edges within the image still creates a high recognition barriers for bots. Static CAPTCHAs can often be so distorted that users fail to decipher them successfully, and in turn, preventing them from signing on. Although it's built on Flash, NuCaptcha degrades gracefully on systems without Flash support, falling back to using animated GIFs and JavaScript.

Whether the NuCaptcha approach will be successful remains to be seen. In current demos, the character string to be recognised is always coloured red. Filters could perhaps be used to hide all the other elements, simplifying a subsequent OCR process. The area in which the text is displayed could be established by taking multiple screen shots.

NuCaptcha also promises to thwart the recently appeared large scale CAPTCHA breaking services that employ humans to identify distorted images for spammers. Special algorithms are designed to detect whether the responses originate from the human employee of a breaking service, in which case the animation will be slowed down. Professional CAPTCHA breakers are said to need, on average, four seconds to recognise a CAPTCHA. NuCaptcha is designed to create a 15-second delay if required, which apparently makes breaking unprofitable.

NuCaptcha is currently a free service that developers can integrate into their PHP and .NET applications via an API. A dedicated plug-in is already available for WordPress users.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit