Page 2 - CAPTCHA design

why not just ask a question?

I've never done anything in this area, but if the bots are looking for an image, take away that aspect of the captcha and fulfill it with some other means. For instance, ajaxian.com asks a random question each time you submit a form. Granted, the answer is easy for a human, there's no easy way for a bot to understand the questions and plus nobody is looking for random security questions.

Here's another idea: would it make a difference to change how the captcha is submitted? perhaps require the user to check a checkbox to display the captcha, then fill it out, or separate the input portion into two text boxes rather than just one.

My only other idea would be to use divs to build a font. create a function to read in a string like "AvImWe" and use a switch condition to call function letter_A(), letter_v(), letter_I, etc. Each function would contain the code to build that letter just using different sized divs with a uniform background/foreground contrast. If there are no images or text, I don't see how a bot would know what to look for.

From a user pov, I think foreignis has a good point. Personally, I find entering CAPTCHAS to be annoying. Especially when it takes me 3 tries to get it right.

However, with a multiple-choice "which pictures shows a puppy?" question, bots could simply guess and have a [x in y] (z%) chance of getting through.

This may seem trivial, but its not. A botter can just toss SPAM at your site endlessly. Even if only 5% got through, the SPAMMER could simply attempt to post more often (20x) and see no net difference.

As someone above mentioned, Askimet for WordPress is fantastic. However, its not code, but rather a central database of spam, which makes it so effective.

The best anti-spam project I've heard of is "Okopipi", however, that open-source project hasn't been able to get off the ground just yet. If interested, see http://okopipi.org/

I find capchas to very useful, as soon as I added it, I never saw spam from my forms again.

However there are many people who have capchas giving other capchas a bad name by making them unreadable.

Spammers who see that you have integrated capcha in your contact form will just continue to another website untill they find one without one(unless you somehow pissed them off).Therefore it is not necessary to worry about someone trying to circumvent your capcha.(Similar to using the "Klub" for your vehicle to prevent auto theft)

The best way to make it user-friendly is to not distort the letters, make sure the foreground and background are contrasting, and remove characters such as i,1, z, s, etc. so there is no confusion.

I found the capcha tutorial here on codewalkers to be a great foundation for creating capchas.

My capcha design started with the tutorial.
-Variable amount of lines
-Variable x and y co-ordinates for the lines
-Removing conflicting characters