However, some PHP developers might need to work on their own captcha solution. They can gain overall flexibility and total control of the captcha solution. It also helps the PHP developer to learn the overall operating principle and development behind captcha (Completely Automated Public Turing test to tell Computers and Humans Apart). Gaining this level of understanding means that, if the captcha produces an undesirable result (such as being too difficult for humans), the developer can adjust it accordingly, without defeating the overall objective of separating bots from humans.
This article will focus on improving the difficulty of a PHP-based captcha system with optical character recognition test (OCR). Most spammers or anti-captcha spam bots use OCR technology to crack captchas. If your captcha system is easy, it is in fact worthless if OCR technology can crack it.
Presentation of the Problem
Consider the existing PHP captcha script (antibot.php) below:
//Start PHP session
//Generate random number
//Store generate random number to a session
//Create image 50 x 50 pixels
//Initial background and text color of the captcha image
//Write the string at the image
//Output the image
<!--Display the captcha image on the browser-->
<img src="antibot.php" />
Type the anti-bot code above:
<br /> <br />
<input type="text" name="captcha" size="10">
How easy is this captcha for a bot to defeat? I tested it with an excellent open source optical character recognition engine, Tesseract, which is also used by an online OCR tool. I took three image samples of this captcha output and then uploaded the image to the OCR. I obtained the following result:
This captcha can be broken perfectly by a very good OCR engine. If you use this captcha in your website, you risk being compromised by a spam bot using this OCR engine.
blog comments powered by Disqus