I'm currently using recaptcha, and I feel that it can be a little difficult. It is always two words the user has to type in, and some of the words can be up to 7+ characters, and really difficult to make out what they are. I'm 24 years old and very tech savvy, so I feel older, less tech savvy people will be turned off by this.
Anything better and free to use out there?
Any way to limit the size of the captcha that recaptcha puts out? (fewer characters the user has to input)
I think ReCaptcha is the best. It is easier to read than most others.
It used to be easier, but it was cracked a while ago.
Since then it has been made less legible.
I found the best way is just to write your own captcha combined with a form token. I, too, am turned off by ReCaptcha's hard-to-read text with minimal customization options.
Regarding reCAPTCHA and CAPTCHAs in general:
New Attacks on CAPTCHAs
That's a good idea.
There are probably a number of ways of blocking spam if no one is specifically targeting your site.
A question like "What color is the sky?" or "Who's buried in Grant's tomb?" would probably do the trick.
It is good to use a number game: "7+3 = "
Just started implementing math questions
Note: some people are fools, they don't understand what maths questions are! Because they are fools. hehehehe
It will only be when the captcha is solved then the email is shown..easy to drop in code..but much simpler than recaptcha
"know your enemies" The Art of War - Sun Tzu
Anatomy of a contact form Spammer:
Though difficult to comprehend they are typically human,
so no CAPTCHA, reCAPTCHA, maths questions, select an image
or testing of general knowledge trivia is going to hinder them.
The more prolific ones targeting social networking sites use
a third party breaking system using 'mechanical turks' aka
humans for hire or even their own image to text converters.
However they are creatures of habit and something you will
often find them doing is trying to insert TWO different types
of links at once in an effort to save time.
Hands up if you have seen junk like this ... I've added the backslashes \ to make the code more readable.
<a href=http:\\/\\/spamsite.com>wdcfwf2e</a> dfguyf2u [sdsd sxdas](http:\\/\\/spamsite.com)
The important thing to remember though is that NO normal user
ever puts HTML or BBcode in the message field of a website contact
form, plaintext URLs are used instead because that's the 'human' way of speaking.
For example "hey bro have you seen www.lovelogic.net" you never say
"hey bro have you seen < a href=http://...." think about it...
So validate form inputs server side, check for HTML & BBcode tags then gently
prod the sender with a polite error message if these are found. If they persist
then grab the IP so you can ban or redirect it, spike them with an 'evercookie'
just in case they think using a proxy is clever and make sure they don't want
to come back.. crashing the spammers browser is always a popular favourite.
Meganerd also makes a good point about using a form token as this hinders the would-be
spammer injecting a bogus message directly into the mailing script via a URL using GET or POST.
So the more awkward you make it the more the spammers will pass you by for easier pickings.
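The server-side checks described in the post above (reject HTML or BBcode markup in the message field, and require a form token on the POST), sketched in Python as an added example that is not part of the original thread. The function names, the token format, the 30-minute lifetime and the sample spam message are assumptions.

```python
import hashlib
import hmac
import re
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never sent to the client
TOKEN_TTL = 1800                      # assumption: a form token is valid for 30 minutes

# HTML tags like <a href=...> or </a>; BBcode tags like [url=...] or [/url]
HTML_TAG = re.compile(r"</?[a-zA-Z][^<>]*>")
BBCODE_TAG = re.compile(
    r"\[/?(?:url|link|img|b|i|u|color|size|quote|code)(?:=[^\]]*)?\]", re.I)

def _mac(session_id, ts):
    return hmac.new(SECRET_KEY, f"{session_id}|{ts}".encode(), hashlib.sha256).hexdigest()

def issue_token(session_id, now=None):
    """Token embedded as a hidden field when the form page is rendered."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_mac(session_id, ts)}"

def verify_token(token, session_id, now=None):
    """True only for an unexpired token issued by this server for this session."""
    now = time.time() if now is None else now
    ts, sep, mac = (token or "").partition(".")
    if not sep or not (ts.isascii() and ts.isdigit()):
        return False
    fresh = 0 <= now - int(ts) <= TOKEN_TTL
    return fresh and hmac.compare_digest(mac.encode(), _mac(session_id, ts).encode())

def find_markup(message):
    """Kinds of markup found in a field that should only hold plain text."""
    kinds = []
    if HTML_TAG.search(message):
        kinds.append("html")
    if BBCODE_TAG.search(message):
        kinds.append("bbcode")
    return kinds

def check_submission(method, token, session_id, message, now=None):
    """Return (accepted, reason) for one contact-form submission."""
    if method != "POST":
        return (False, "method")   # message pushed at the mail script via a URL
    if not verify_token(token, session_id, now):
        return (False, "token")    # script was hit without loading the form first
    if find_markup(message):
        return (False, "markup")   # answer with a polite "plain text only" error
    return (True, "ok")

# Constructed sample: both link styles in one message, as described in the post
SPAM = ("<a href=http://spamsite.example>wdcfwf2e</a> dfguyf2u "
        "[url=http://spamsite.example]sdsd sxdas[/url]")
```

A plaintext URL such as `www.lovelogic.net` passes `find_markup`, so ordinary senders are unaffected; the token here is time-limited but not single-use.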
I think it's good to use Puzzle game captcha.
You can see the ones here
Just search on google MoneymakerDiscussion Forum and see the captcha.
For me, Recaptcha is the best though you can also use an interaction based captcha just like what they use in safelinking.net. Like moving the scissor inside a circle.