Home > Articles > Stop Spammers with Captcha!

Stop Spammers with Captcha!

Written on May 29th, 2010 at 7:36pm

You've set up your site, complete with user feedback forms, be it for a forum or just comments on articles and whatnot (like this site). You spread the word, and all of a sudden you are receiving multiple responses a day - even better, every hour! It's only then you check your user feedback to find it's nothing but spam for the usual garbage (porn, gambling, sex pills, etc.). The problem with feedback forms is it is very easy to automatically send form data to the server, so a botnet can use it to spam your site into oblivion. This is where captcha comes in.

Captcha is a technique used in form verification to verify the user submitting form data is in fact a human user of your site, and not your typical spammer. It works by dynamically creating an image with random characters in it, and asking the user to repeat those characters on one of the form fields. The chances of a spammer randomly guessing those 5 characters when automatically submitting are pretty slim, using this forces them to manually spam your site (which makes it not worth it).

Enter the 5 characters shown.
Request another image.

The captcha image Web Developers' Playground uses.

How to Create a Captcha

Captchas are created using GD, a graphics library built into PHP. The code below (which is actually the same code the playground uses) is only a fraction of what GD can do, though - so feel free to check out its documentation on php.net. <?php //Create a random image for the user to prove they are not a spam-bot. session_start(); $key=''; //'oh' and 'zero' can be hard to differentiate, as can 'two' and 'zee', 'six' and 'gee', 'five' and 'ess' $allowable='134789qwertyuipadfhjklxcvbnm'; //key will be 5 characters long for ($i=0;$i<5;$i++) { $key.=substr($allowable,rand(0,strlen($allowable)-1),1); } $captcha = imagecreate(100,50); // Use scribble because it's not your typical font $font='fonts/Scribble.ttf'; //let's set the colors we'll be using... $black = imagecolorallocate($captcha, 0, 0, 0); $blue = imagecolorallocate($captcha,0,0,255); $orange = imagecolorallocate($captcha,255,165,0); $line = imagecolorallocate($captcha,233,239,239); imagefill($captcha,0,0,$blue); /* Add in an orange circle and 3 random lines to make it slightly harder to break.. */ $x=rand(35,65); $y=rand(15,35); $width=rand(30,60); $height=rand(10,30); imageellipse($captcha, $x, $y, $width, $height, $orange); imagefill($captcha,$x,$y,$orange); for ($i=0;$i<3;$i++) { $startX=rand(0,100); $startY=rand(0,50); $endX=rand(0,100); $endY=rand(0,50); imageline($captcha,$startX,$startY,$endX,$endY,$line); } // now for the text - place it at a slight, random angle imagettftext($captcha, 18, rand(-10,10), 15, 25, $black, $font, $key); /* Encrypt and store the key inside of a session */ $_SESSION['key'] = md5($key); /* Output the image */ header("Content-type: image/png"); imagepng($captcha); ?> All you have to do at this point is add a check that the user will match the captcha code you've given them.

Spammers are a pain, there's no doubt about it - and they get better and better each year with beating captchas (In a few years, the above captcha will be obsolete). However, with a little bit of work, you can avoid constantly monitoring your website, when you have better things to do - like develop content.

Comment on this page:

Your information Name:
Email:
Hide Email?
Enter the 5 characters shown.
Request another image.
Prove your human:
Comments Overall page rating:

Comments

No one has commented on this article yet. You can be the first!