Information about me and my services Download free programs Goto homepage of Jeroen Kessels, internet engineer Hobby area Email, address, and phone information Copyright 2005 J.C. Kessels Goto homepage of Jeroen Kessels, internet engineer Email, address, and phone information


JkCaptcha v1.2


This PHP script will generate an animated CAPTCHA image to distinguish people from spam robots. It's based on a very simple idea - people are great at recognising patterns in moving images, computers are not.

Spammers are a big problem for forums all over the world. The amount of spam on forums is growing rapidly and polluting yet another valuable internet resource. Most forums ask visitors to copy a code from a distorted image. This is called CAPTCHA ("Completely Automated Public Turing test to tell Computers and Humans Apart", see *  Wikipedia). But spammers have developed completely automatic software that can interpret the images even better than humans.

So here is a new CAPTCHA image, using animation to 'distort' the verification code. The individual frames are impossible to interpret, because they contain extra characters at random. The extra characters are in the same font as the characters of the security code to make it more difficult for robots. Only by looking at all the frames together can the verification code be distinguished from the noise.

The animated CAPTCHA image. People will recognize the verification code, robots will not.  
 
The image in slow-motion. This is what robots will 'see' when they try to OCR the image. The verification code cannot be determined by looking at individual frames.  
 
The script has lot's of configuration options. This example shows all the verification code characters in a fixed size and no rotation and a random color per character.  
 
This example shows the maximum randomization possibe. Several combinations of options are possible, some are easier to read than others.  

Download and Install


At the moment the script is only available for the phpBB bulletin board.

*  Download JkCaptcha v1.2 for phpBB v2.0.21

The download contains a single file "usercp_confirm.php". It completely replaces the same file in the "/includes/" folder of your phpBB installation. There are no other changes - all you have to do is replace the file. To check the installation simply go to the registration page of your forum, the old CAPTCHA image should now be the new animated image.

If you are having a problem then right-click the CAPTCHA image and select "view image". The most common problem is that the font cannot be found. The script can use any TTF font you want (look in the top of the script for the '$Font' setting). The default is Courier-Bold. See below for a public-domain version of that font, an optional Arial-Bold font, and a link to a website with lot's of free fonts. First try putting the font in the same directory as the script, then the root folder of phpBB (where the "profile.php" is located), then the root of your website. If the script still cannot find the font then try specifying the full path to the font inside the script in the '$Font' setting.

*  Download Courier-Bold font (public domain by Digital Font Labs)
*  Download Arial-Bold font (public domain by Digital Font Labs)
*  1001 free fonts (website with lot's of free fonts)

Your server must have support for the GD library and for TrueType. Windows servers have these included in PHP, if you are on a *nix server then you may need to install them.

Will this block all spammers?


No, it will not. The animated image cannot block brute-force spammers that have a sweatshop full of people working all day long to post their spam by hand. Nor will it block spammers that use a half-automated robot that asks a human operator to interpret the CAPTCHA image. It will only block spammers that use a fully automated robot, and only until they build a filter to automatically read the animated image. Spammers make a lot of money, and are therefore very motivated and have lots of resources. We can only hope to make things difficult for them.

Known problems


- Animation turned off in browser
Some browsers (including Internet Explorer) have an option to turn off animation. Users that have done so will not be able to read the security code.
  • Internet Explorer: "Internet Options -> Advanced", see the "Multimedia" heading, the "Play animations in webpages" setting.
  • Firefox: Go to the page "about:config" (type into the browser just like a "http" url), locate the "image.animation_mode" key, and set to "normal" (the default).
- Color blindness
Many people cannot distinguish between certain colors and may not be able to read the image. They can "reload" the page to get a new image with different colors, though.

Copyright


This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

Version history


v0.0.0
Initial release.
v0.0.1
Removed colors. All characters were originally drawn in a random color per character, but that makes it easier for robots to single-out a character. Drawing all the characters in black will join the pixels up.
v0.0.3
- Added random colors back in as a configurable parameter, both for the characters and the background. Colors can help humans to recognise the characters, and adds a level of processing for robots.
- The characters of the security key are no longer displayed in all frames, to defeat simple AND filters.
v1.0
- The script has proven to be very stable, so it's now officially released and no longer alpha.
- All options are now hardcoded and cannot be turned of by a parameter.
- Option added to select no size randomization.
- Option added to select no rotation randomization.
- Option added to use the same color for all characters in the verification code.
v1.1
- Bugfix, the changes somehow introduced a bug in fetching the security code from the phpBB database.
v1.2
- Added some code to make sure at least 1 character of the security code is not displayed in the very first frame.