- Listen to our monthly AppSec Stats Flash podcast
- LEARN MORE
Completely Automated Public Turing Test to Tell Computers and Humans Apart is more commonly referred to by its acronym, CAPTCHA. It is a type of challenge-response test used in computing to determine whether a user is a human or a machine. Websites use CAPTCHA to prevent spam and automated extraction of data. Because computers are unable to distinguish letters and numbers within moving or distorted images, CAPTCHA typically requires a user to enter letters or numbers presented in a visually distorted field. It is also common to choose from a variety of images where you need to select a common theme.
The CAPTCHA method of identification has received many criticisms because the distorted letters are difficult to read, and the process slows people down. However, Google’s product reCAPTCHA authenticates human users with a click of a box, and other easier challenge-response tests are sure to follow.
The internet and computers are made up of a unique coding language. Computers find it difficult to understand languages because of the strange and intricate rules human languages take on, along with slang that humans use.
Google’s v3 reCAPTCHA can also use in-browser tracking and behaviorial analysis to determine whether the page is being viewed by a person.
You should see a Google reCAPTCHA icon hovering at the bottom right of the web browser when accessing a website that has reCAPTCHA enabled and working correctly.
There are 6 methods to prevent form spam without using CAPTCHA
reCAPTCHA (CAPTCHAs predecessor) – see above
Honeypot – are traps designed to lure in and then eliminate bots, viruses, or other bad actors that you may encounter online.
Create session cookies - If a user’s session seems suspicious, it can flag that form as possible spam.
Install a form prevention plugin - If you’re more concerned about possible spam comments that could reach the front end of your site, you can also install plugins such as akismet that are designed to filter out this type of spam.
Use a double opt-in form - The system then automatically contacts the account and provides it with a special link or a new sign-in code to ensure there is an authentic person on the other end ready to sign in.
Ask a test question - This is something like a reverse honeypot: instead of tricking bots into betraying themselves, you’re giving away a free passcode to your forms that only humans can understand.
Using a contact form on your website is very useful as it helps your web site visitors to communicate with you in an easy and simple way. But there are spammers and hackers who are looking for exploitable web forms. It is essential to secure your form against all ‘holes’ that those hackers are searching for.
CAPTCHA is an image with a code written on it. The website visitor is required to read the code on the image and enter the value in a text field. If the word entered is wrong, the form submission is not processed. As CAPTCHA is a smartly blurred image, the spam bot can't read it. So, the form cannot be automatically submitted by a ‘bot’.