CAPTCHA module: spam control

Last updated November 27, 2008. Created by LeeHunter on June 13, 2007.
Edited by keith.smith, RobLoach.

A CAPTCHA is a type of challenge-response test used in computing to determine whether the user is human. This is used in Drupal to prevent spam posts and bot activity.

Installation

  1. Download the module from the project page and enable the module
  2. Go to admin/user/captcha to enable CAPTCHA for various actions

Additional CAPTCHA Modules

Comments

I downloaded and installed CAPTCHA (naively) using the SEO Checklist Module recommendations. The first time I restarted my computer afterwards, the Internet Explorer default color schemes were blown away and the system font had been replaced with something pretty awful. A bit of research made it clear that this was because I'd set up image CAPTCHA without changing the font selection from its bitmap font default. This all took me by surprise, because it appeared to work fine before the restart. Things are mostly fixed now. I use Vista, so here are a few tips if anyone has the same problem:

Fix colors using Control Panel: You need to use Appearance and Personalization tools to get your system colors back. (You can't recover using the Tools tab of the IE browser toolbar.)

Fix system fonts: Follow the CAPTCHA TrueType font install instructions--install the font you want to see as a system font.

Hiccups aside, I appreciate the donation of this sophisticated and powerful module. Ditto the excellent SEO checklist module. Thank you, developers and maintainers. You do great work.

This is probably caused by something else

It is almost impossible that the Image CAPTCHA module is the cause of the symptoms described here (unless you downloaded a hacked version of the CAPTCHA module from an untrustworthy website).
The Image CAPTCHA module is just a simple Drupal module that uses the standard Drupal and PHP APIs and does not interact with your operating system in a way that could change your operating system settings as you described.
Further discussion at #263013: CAPTCHA Corrupted Font Defaults for IE.

Text captcha trick

I personally hate image captchas and found that spam was getting past math captcha.

I was also getting registrations from people who seemed real, but I didn't trust - why would people in Russia and the Far East be registering on a local English site with throwaway emails from spam-associated freemail providers? These people had answered a simple text captcha.

So I changed things - I now ask a question that everyone who lives here knows the answer to, and if you don't, you'll need to invest a Google search in finding the answer.

So far no bots have got past it, and all the distant registrations have stopped as well. (I guess if they want to be nefarious, they just want to sign up for loads of sites, and it's easier to move to the next one than try and find the answer to mine).

So, if you run a site and can think of a question that effectively filters PEOPLE, ask it with a text captcha. Try to keep the question open with as few clues as possible in the text. In the example below I'm assuming spammers might start trying "Linux" if they see "penguin".

Example - for an IT site - "What operating system has an Antarctic bird logo?"

Ian Dickson

Likal.com

I block about more than 99.9%

I block about more than 99.9% of spam with an "enter "foo" here" textbox...

Image is not displayed on IE6

Hello,
I wonder if there is a restriction on IE6 that prevents images without an extension from being displayed correctly.
Has anyone got this issue?

What settings do people use

What settings do people use to actually block spam attacks?

For me these settings still allow spammers to get by. Is someone paying real humans to read these in order to post ridiculous comments?

Additional variation of text color: very high
Distortion level: 10
Noise level: 1 (anything higher and it's almost impossible to read)

These are working pretty well

These are working pretty well for me. Higher settings caused real humans to complain via email.

Characters: >= 5
Fonts: Not the bold or the php one.
Additional variation of text color: high
Distortion Level: Medium (3)
Smooth distortion ENABLED
Add salt and pepper noise ENABLED
Add line noise ENABLED
Noise Level: Medium (3)

That has stopped, almost, false registrations in combination with the Honeypot module. BTW: From the logged responses, it's easy to see (when one has a thousand log entries from a botnet) that they are using automated methods to crack the Image CAPTCHA, and are getting very close, sometimes within one character.

Alfred P. Reaud, Proprietor
Happy Cat Technologies
1104 Columbine Ct Unit 4
Fort Collins, CO 80521-3710
Telephone: (970) 297-8490
Web: http://happycattech.com

Adding Action Functionality Based on CAPTCHA Reply

I have the "TooBad[nnn]" problem with botnets. A combination of Honeypot, CAPTCHA, and GoAway modules stops the majority of false registrations and spammers, but I have to sometimes wade through pages of logs of individuals responding to the CAPTCHA with "TooBad1" through "TooBad1000". Sometimes other activity, such as SQL-based attacks, is embedded in it, sometimes not. It can span hours of attacks, usually from overseas, and if from the US, from a very small set of places.

What I need is a way to modify the CAPTCHA module to test the CAPTCHA response for known strings, and if a known string is received, to immediately call the User Management -> Access Rules -> Add Rule function. Any suggestions as to where and how that could be done?

I'm also curious what the name of this botnet is and what its purpose is? To harass Drupal operators? That seems silly, but from my perspective it would be worth it to write the code rather than to continue to fight something I've been fighting for over a year manually...

Alfred P. Reaud, Proprietor
Happy Cat Technologies
1104 Columbine Ct Unit 4
Fort Collins, CO 80521-3710
Telephone: (970) 297-8490
Web: http://happycattech.com
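
One way to triage the logged responses described in the two comments above, as an added example that is not code from the CAPTCHA module or from either commenter: it flags hosts that repeatedly answer with the known "TooBad[nnn]" string or repeatedly miss the solution by exactly one character. The log line layout, the sample addresses and the thresholds are constructed assumptions, and the result is a review list for access rules rather than an automatic block.

```python
import re
from collections import defaultdict

# Constructed sample lines; the layout is an assumption, not the module's format:
#   <ip> answered "<response>" solution "<solution>"
SAMPLE_LOG = """\
203.0.113.7 answered "TooBad1" solution "kX7pQ"
203.0.113.7 answered "TooBad2" solution "m9RtZ"
203.0.113.7 answered "TooBad3" solution "Hw4Lc"
198.51.100.22 answered "aB3dE" solution "aB3dF"
198.51.100.22 answered "Qr5tY" solution "Qr5tV"
192.0.2.14 answered "hw4lc" solution "Hw4Lc"
"""

LINE_RE = re.compile(r'^(\S+) answered "([^"]*)" solution "([^"]*)"$')
KNOWN_BOT_RE = re.compile(r'TooBad\d+')  # the "TooBad[nnn]" responses from the comment


def edit_distance(a, b):
    """Levenshtein distance using a rolling row of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log_text, known_min=3, near_min=2):
    """Return {ip: reason} for hosts whose failed answers look automated."""
    known, near = defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a CAPTCHA failure line
        ip, response, solution = m.groups()
        if KNOWN_BOT_RE.fullmatch(response):
            known[ip] += 1
        elif edit_distance(response, solution) == 1:
            near[ip] += 1  # one character off: a human typo or an OCR solver
    flagged = {ip: "known-string" for ip, n in known.items() if n >= known_min}
    for ip, n in near.items():
        if n >= near_min:
            flagged.setdefault(ip, "near-miss")
    return flagged


if __name__ == "__main__":
    for ip, reason in sorted(triage(SAMPLE_LOG).items()):
        print(ip, reason)
```

A single near-miss is as likely to be a human typo as a solver, which is why the near-miss count has its own threshold and is reported separately from the known-string matches.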

About this page

Drupal version
Drupal 5.x, Drupal 6.x

Administration & Security Guide

Drupal’s online documentation is © 2000-2013 by the individual contributors and can be used in accordance with the Creative Commons License, Attribution-ShareAlike 2.0. PHP code is distributed under the GNU General Public License. Comments on documentation pages are used to improve content and then deleted.