How Text, Image, and Custom CAPTCHAs Work

CAPTCHA & Distributed Denial of Service

Completely Automated Public Turing Test To Tell Computers and Humans Apart or “CAPTCHA” is a system that different websites use to protect themselves from bots. Basically, it is a security checkpoint that checks whether the user attempting to access the site is a human or a bot. Bots can be sent in large amounts to a single website in a distributed denial of service (DDoS) attack. Which can be devastating to smaller sites and even well-established sites.

Not only can bots be used in DDoS attacks. However, they can also be used to steal personal information from internet users and even to plagiarize information. Thus, many hosts have decided to implement CAPTCHA in order to prevent these attacks from having such a large negative impact. But, how does the CAPTCHA system actually determine whether a bot or a human is trying to access the site?

CAPTCHA Based on Optical Character Recognition

Optical Character Recognition (OCR) software was first developed in the early 1900s as a machine that could read physical characters printed out on newspaper and convert the characters “seen” into telegraphic code. Since that time, OCR technology dnem has gotten much better with the first true computerized version coming out in the 1950s. Many CAPTCHAs in the past used a text-based security checkpoint like the one shown above. However, the letters are typically heavily distorted to prevent OCR software from properly recognizing them. Thus, the idea was that the text-based CAPTCHAs could be distorted enough that bots using OCR could not detect the characters accurately. But just readable enough that a human could.

However, as displayed above, text CAPTCHAs were a pain in the butt to do so they have begun to be phased out in favor of other CAPTCHA methods. On top of text-based CAPTCHAs being incredibly annoying to complete, people attempting to bypass CAPTCHAs using bots have improved OCR technology over time, causing this CAPTCHA method to become less effective overall.

Picture-based CAPTCHA

One of the increasingly popular CAPTCHA methods that. I’m sure we’ve all seen is picture-based. They look a little something like this:

Since these kinds of CAPTCHAs are much simpler to use and not easily penetrated by OCR software, they have slowly become the preferred choice over time. But even they are beginning to become obsolete and complicated.

reCAPTCHA by Google

Google has released an extremely simple CAPTCHA system titled “reCAPTCHA” that is as simple as clicking a button:

Now how the heck does this possibly work? Well, it really is not known, as Google has not stated exactly what it looks for when determining whether someone is a bot or a human. Which is probably the smart thing to do. However, it is widely believed that it has something to do with mouse movements directly before clicking on the. “I’m not a robot” checkbox. You see, mouse movements are pretty random when a human is moving around a mouse. It is inefficient, as there are many jerks, wrong moves. And the mouse is not always placed perfectly center on top of a button.

Read –  HOW TO GENERATE RECAPTCHA KEYS FOR YOUR DOMAIN

A bot on the other hand, wants to as efficient as possible, so it would likely move the mouse almost perfectly in order to accomplish a task as quickly as possible. Google possibly created a complex method to determine the “randomness” of the mouse movements prior to clicking on the reCAPTCHA button. Just look at a mouse being controlled by a program.

Now, compare that to your slow and inefficient mouse movements. Obviously, there is quite a huge difference; therefore, it is likely that Google is using some kind of mouse movement detection to determine whether a bot or human is present.

CAPTCHAs have advanced quite a bit since their inception in the late 90s. It’s crazy to think that they have actually gotten simpler and easier to use over time. Considering bots have only gotten more powerful as technology has advanced. While they may just seem like an annoyance to many, they help to protect websites from crashing constantly and prevent predators from obtaining personal information of millions of people.

Custom-made CAPTCHA

It is worthwhile noting that some sites have developed their own method for protecting their site from bots. For instance, random questions are asked from a site visitor, answer of which is unknown to bot. By the time bot tries a trial and error to find an answer, the question changes. Such approach prevent many basic to above average bots; however, for advance bots these sites need to develop a more complex system of question and answers that are updated and changed on daily if not hourly basis. See this link as an example of creative CAPTCHA: https://weg2g.com/application/abovezest/getintouch.php

Summary

Whether you like to develop custom CAPTCHA or use pre-made CAPTCHA, you need to have some knowledge of coding. Beginner knowledge of HTML is enough to embed a pre-made CAPTCHA. However, advance knowledge of JS like Node.JS or a server-side language like PHP or JAVA is required to build your own custom CAPTCHA.  There are lots of resources for learning programming professionally. For instance, Coding Bootcamps institute offers many basic to advance programming classes with focuses on hand-on projects.

About Author

Matt Zand is a programmer, businessman, IT Consultant, and writer. He is the founder and owner of WEG2G Group. He is also the founder of DC Web Makers. His hobbies are hiking, biking, outdoor activities, traveling and mountain climbing.