Poor Man’s CAPTCHA

by Krishna on December 28, 2006

My friend Prashant recently did a post on CAPTCHA. A CAPTCHA is basically the opposite of a Turing test which a computer can pass if it is sophisticated enough to have a conversation with a human being without the person unable to detect that it is a machine. The CAPTCHA is used to differentiate a human action from a computer-generated one. One of the most common use is to stop automatic submission of web forms by spammers.

In recent times, I started getting a lot of spam from two forms in my website — a guestbook form and an email form. Neither form directly affected the content of my website since both forms sent an email to my account. But the spam was becoming a nuisance as I was getting around 20–30 spam emails per day.

After reading Prashant’s article, I was motivated enough to implement a CAPTCHA on the forms. Typical CAPTCHA implementations use a distorted image that an image processing algorithm cannot decipher, but humans can easily recognize. Coding for such an implementation is algorithmic-intensive and take a lot of time and knowledge.

Then I remembered seeing a different implementation on someone’s website where he had asked the person to put in the answer for a simple addition problem. So I added a new field on my form, asking the user to put in the answer to questions like “what is 2 PLUS 1?” If the user got the answer right, the form would be submitted.

As soon as I put the new forms up, all the spam stopped. I have not got a single spammed email. What worried me, though, was if it would cause problems for legitimate users. Happily, that doesn’t seem to have happened as I have received a few submissions from my friends from the form.

This implementation of CAPTCHA is what I would term a “Poor Man’s CAPTCHA” because it is very easy and inexpensive to implement with quick returns. Since my website does not attract a lot of traffic (sob!), it is not worthwhile for a spammer to spend their time to circumvent the test by writing a special program. I implemented this using server-side logic, but it is perhaps possible to achieve the same effect using JavaScript.

Comments on this entry are closed.

Previous post:

Next post: