©2000-2013 DigitalDan.co.uk
 
Are You Human?

 
Some disreputable companies use computers to collect email addresses and to use them for inappropriate purposes (e.g. spam junk mailing). For this reason, web developers sometimes want you to prove that you are human. They try to ask a question which a human could answer but a machine would find difficult.
 
Unfortunately, some machines can solve the problems and many humans find them difficult. These tests are known as CAPTCHA (Completely Automated Public Turing Test To Tell Computers and Humans Apart).
 
This page demonstrates some alternatives to Captcha images. They all have limitations but you are welcome to use or adapt these ideas. If you refresh or revisit this page, the Captchas will change.
Can you read the word in the picture?
Classic Captcha Image
Find the word hidden in the image - the word has to be obscured and can be impossible for humans to read. Vulnerable to Optical Character Recognition. Many shared servers do not allow sites to generate images because this increases CPU load.

How many Diamonds can you see?
[Row of shape images]
Count the shapes - a computer can solve this with a brute-force attack because the number must be very small. (Humans would not want to count lots of shapes.)

Please solve this sum ....
10 x 2 =
Solve the sum - computers are better at maths than many humans. Make sure all variations can be solved easily and avoid decimals.

What date is marked on the calendar?
July 2020
Sun Mon Tue Wed Thu Fri Sat
 28  29  30   1   2   3   4
  5   6   7   8   9  10  11
 12  13  14  15  16  17  18
 19  20  21  22  23  24  25
 26  27  28  29  30  31   1
Complicated to set up because you must ensure humans enter dates in a consistent format. Humans may not know what to do. Vulnerable to a computer trying all possible dates. Watch out for issues like American mm/dd/yyyy and English dd/mm/yyyy.

What time is it (according to the clock on the screen)?
Clock
Complicated to set up because you need to draw the clock hands. Human may not know what is required. Computer could be taught to solve problem. Need to consider whether am or pm.

Watch the traffic lights
1 - Wait until the traffic lights change to green.
2 - Click on the green light before they change.

traffic lights
Complicated to set up because you need to check the timing and position of the mouse-click. Relies on the computer not knowing where or when to click. Humans may have difficulty understanding the instructions. Animation may not work on some browsers.

Set the clock to this time
eight thirty-three P.M.
Digital Clock
Complicated to set up because you need to set up an adjustable clock. Human may not know what is required (e.g. Setting clock to current time in a local timezone.)

Change this text into a number
four hundred and fifty million seven hundred and ninety-three thousand four hundred and fifty-seven
Text Conversion - Time consuming for humans but fairly easy for computers.

Click on the square
Image containing various shapes
Identify an object. Clicking on a position - computers could solve by trial and error. Could cause humans problems. Variations include identifying animals, logos and faces.

What number is represented by the Roman numerals?
MMCL
Roman Numerals - Computers can convert numbers but many humans struggle with Roman numerals.

What number is displayed in big letters?
[Number drawn in large block characters built from rows of the letter X]

 
This is a variation of the read word in image system. The advantage is that it does not need images to be created on the web server. Text pattern recognition could be used in a computer attack.

What is the sixth word in the following sentence?
You can see the Sound and hear the Sea from Plymouth Hoe.
Find the word - Has bad reputation with humans because some companies insert advertising into the search text. Can be difficult for human to decide which sentence or word is required. Computers can brute-force solve by trying every word on the page.

What word is being spelt out?
Spelling graphic
Animated words - Requires processing to spell out words, hence, answer would be unreadable to many of your readers. (Animation and animation scripts are often switched off.) Computer could solve by looking at animation code.

What is the missing word?
Ten Twenty Thirty Forty Fifty Sixty Seventy ______ Ninety
Missing word - Relies on sentences that would be recognised by most humans, however, different cultures use different phrases and spelling also changes. There is a finite number of suitable sentences, hence computers could be taught to solve the problem.

On a British QWERTY keyboard
Which key is immediately to the left of the letter N?
Clue
1234567890
QWERTYUIOP
ASDFGHJKL;
ZXCVBNM<>/
Find target in grid - Human may not understand what is required. Computer can be taught to solve problem. Human needs to find answers quickly and this restricts security.

Other checks to reduce the number of automated attacks
Hide a textbox from user (or ask them to leave it blank) - computer may not read instructions and could put something in the box.
Ensure every relevant field has been completed, then validate every field.
Ask user to click a specific location on the screen
Computers often complete forms faster than humans. Ignore any attempt to submit complex form within 2 seconds of page appearing.
Remove the submit button when the page is taking an unusually high number of hits - a "this page is currently being updated" message could be better than the entire site being overloaded.
Reject all content containing suspicious words (e.g. Viagra, www., free, cmd, exec, ...)
Replace any suspicious letters with HTML special character sequences or block any input containing dubious letters (e.g. < ` > \ ...)
If your site serves a small community, ask a local knowledge question (What is the telephone dialling code for Milford Haven, What is the first word in our National Anthem, What is the first name of our chairman...)
Count the number of bytes being downloaded by all users. Set a maximum count per minute or hour. Shut down your download facility (or entire site) the moment that data download limit is exceeded. (Reduce risk of hacker downloading everything on your server e.g. customer credit card details etc!)
Make sure all credentials can be verified and avoid known risks - (unrecognised MAC address, email address linked to high risk country, email address associated with disposable email provider, request made at time when most of your readers are asleep, IP address on a blacklist, anonymous browsers ...)
If employees have to access site from insecure locations, use a self-destructing password table. There are ways to read username/password combinations used with insecure computers
Before allowing access to sensitive data, ask for random words from a secret phrase. Change the requested words on each request. Never ask for the entire phrase.
Count the number of unsuccessful login attempts and shut down the page if too many failed attempts occur within a fixed timescale (reduces the risk of brute force attacks).
Automatically block all remote access to a sensitive page for 1 second after 1 unsuccessful login attempt. Double the time delay for each consecutive failed login.
Wait for one of the following actions to be detected before allowing a form to be submitted - key_pressed_on_keyboard, Mouse_movement, Button_Press, Screen_Swipe, Screen_Touched. Make sure the action could be performed by users of tablets, phones and computers.
Create some "never to be used" email addresses for your company. Include one of these email addresses in any email list sent out to your data processors. When an address starts to receive spam, simply close both the email address and your business links with the untrustworthy data centre.
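
The hidden textbox and the "ignore anything submitted within 2 seconds" checks from the list above can be enforced on the server. This is an added example, not code from this site: the field names, the secret key and the one-hour expiry are assumptions. The page-load time is signed so that the submitter cannot simply change it.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"   # assumption: secret known only to the server
MIN_FILL_SECONDS = 2                   # from the list above: reject forms sent within 2 seconds
MAX_FORM_AGE_SECONDS = 3600            # assumption: very old forms are rejected as well
HONEYPOT_FIELD = "website"             # hypothetical name of the hidden textbox
TOKEN_FIELD = "form_token"             # hypothetical name of the hidden token field


def _sign(issued: str) -> str:
    return hmac.new(SECRET_KEY, issued.encode(), hashlib.sha256).hexdigest()


def issue_form_token(now=None) -> str:
    """Build 'timestamp.signature'; put it in a hidden field when the page is served."""
    issued = str(int(time.time() if now is None else now))
    return f"{issued}.{_sign(issued)}"


def check_submission(form: dict, now=None):
    """Return (accepted, reason) for one submitted form."""
    now = time.time() if now is None else now
    # 1. Humans never see the hidden box, so any content in it marks a machine.
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot filled"
    # 2. The timestamp must carry our signature, otherwise it could be forged.
    issued, _, sig = form.get(TOKEN_FIELD, "").partition(".")
    if not issued.isdigit() or not hmac.compare_digest(
        sig.encode(), _sign(issued).encode()
    ):
        return False, "bad token"
    # 3. Compare the signed page-load time with the time of submission.
    age = now - int(issued)
    if age < MIN_FILL_SECONDS:
        return False, "submitted too fast"
    if age > MAX_FORM_AGE_SECONDS:
        return False, "form expired"
    return True, "ok"
```

A valid token can be reused until it expires, so treat this as a filter that removes the simplest robots rather than as a complete defence.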

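The two login checks in the list above (a 1 second block that doubles after each consecutive failure, and a shutdown when too many failures arrive within a fixed timescale) are shown here as an added example that is not code from this site. The delay cap, the window length and the failure limit are assumptions. The key can be "page" to block everybody as the list describes, or a username so that one attacker cannot lock out every user.

```python
from collections import defaultdict, deque

BASE_DELAY = 1.0       # from the list above: 1 second after the first failed login
MAX_DELAY = 900.0      # assumption: cap so the doubling cannot grow without limit
WINDOW_SECONDS = 600   # assumption: the "fixed timescale" for counting failures
MAX_FAILURES = 20      # assumption: failures inside the window that close the page


class LoginThrottle:
    def __init__(self):
        self.streak = defaultdict(int)            # consecutive failures per key
        self.blocked_until = defaultdict(float)   # time at which each key may retry
        self.recent = deque()                     # times of all recent failures

    def is_shut_down(self, now):
        """True while too many failures (from anyone) fall inside the window."""
        while self.recent and self.recent[0] <= now - WINDOW_SECONDS:
            self.recent.popleft()
        return len(self.recent) >= MAX_FAILURES

    def may_attempt(self, key, now):
        """Check this before looking at the password at all."""
        return not self.is_shut_down(now) and now >= self.blocked_until[key]

    def record_failure(self, key, now):
        """Register a failed login and return the new delay in seconds."""
        self.streak[key] += 1
        delay = min(BASE_DELAY * 2 ** (self.streak[key] - 1), MAX_DELAY)
        self.blocked_until[key] = now + delay
        self.recent.append(now)
        return delay

    def record_success(self, key):
        """A correct login ends the streak, so the next failure starts at 1 second."""
        self.streak.pop(key, None)
        self.blocked_until.pop(key, None)
```
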
Captcha Gone Wrong
Whilst these may be extreme examples, I hope they illustrate why you should think carefully when designing Captcha systems.
 
Type this word in the box provided
Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch
 
What letters and numbers are in the box?
bad example of captcha
 
What symbols are in the box?
bad example of captcha
 
What word is hidden in the box?
bad example of captcha
 
What word has been crossed out?
bad example of captcha
 
How many triangles are there?
bad example of captcha
 
What is the answer to this "simple" sum?
37 times 12355 divided by 1765
 
Find Rhoscrowther and click the appropriate place on this map
bad example of captcha
 
Enter this "Activation Code" in the box provided
    wvn0O-5SlI1-Ge9gq-3E4AU-7T8BV-1ILli-WVMUN-$SE£€-@#{]%
DigitalDan.uk is part of the DigitalDan.co.uk group