Thursday, July 28, 2011

Solve Media's CAPTCHAs won't solve the problem that CAPTCHAs need to solve

Updated May 14, 2014

CAPTCHAs are needed in order to keep spammers out of your web site. Solve Media's CAPTCHAs won't do that, and here's why.

Location is everything, right? All the good locations for ads on web pages are already saturated, right? There is a post on Tech Crunch raving about a new advertising location. Solve Media uses the CAPTCHA as an advertising platform. Apparently they are having great success and Tech Crunch certainly seemed enthusiastic in their writeup.

But as a webmaster who has NEEDED a captcha I can tell you that their captchas are a waste of time.

One of the purposes of a CAPTCHA is to prevent bots from registering, and this CAPTCHA may work for that, but what about humans?

All of Solve Media's captchas can be solved by anyone who can read English.

You need something different to keep out the spammers.

There is a whole industry in India based around solving CAPTCHAs in order to get accounts on websites for spamming purposes. They register users on forums for hire. They advertise based on how many thousands of captchas per hour they can solve.

The only thing I have found that works to prevent the spammers is to use something like this: Sortables Captcha Plugin and load it with questions that only people familiar with your topic will be able to answer.

I have used this CAPTCHA on several video game related forum style websites, and it's easy to set it up using terms from the game. People who don't play the game, and who are getting paid to solve THOUSANDS of CAPTCHAs per hour won't be able to solve it, or take the time to figure it out, and bots can't solve it at all. How does it work for the people that want to register for the game related forum? Fine, just fine. I have never had anyone complain, and we get plenty of registrations, and zero spammers.

I think the Sortables CAPTCHA will work well for this purpose whenever your website pertains to a niche topic, which is very common. I'm sure you could think of a way that would also foil foreign culture CAPTCHA solvers even if you had a general interest site.

As far as I know, this CAPTCHA only exists for phpBB, and I wonder why, since it has been so amazingly effective. I hope that someone will take this idea and make a plugin for some other CMS types.

Websites that have contact forms won't get spammed by forum posters, but lead forms, sample request forms, or contact forms do get hit by spam bots a lot. For those types of user forms I use the Hivelogic Enkoder to obfuscate the form HTML. The Enkoder scrambles the form HTML into a bunch of crazy Javascript. Browsers decode the Javascript and display the form to a normal person using your site, but all the spam bots see is a...well, nothing. Bots don't decode it. They don't even know a form is there.

You may get a few actual humans that submit the form and ask you to help with transferring vast sums of cash from a former African dictator's bank accounts, but for my users this has been rather uncommon.

Note: I see that I have failed to capitalize CAPTCHA consistently throughout this post. And I don't care. I am lazy. What can I say?

No comments: