What is a Captcha and why are captchas important?


Wherever we go on the internet, we encounter CAPTCHAs, those twisted words that block or enable entries on websites. Need to sign up for free web-based e-mail services like Hotmail, Yahoo! Mail or Gmail? There's a CAPTCHA. Want to comment on an article or blog post? Usually there's a CAPTCHA.

So what is a CAPTCHA, and why should we have it?

CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart. A CAPTCHA is usually a graphic image with a series of distorted letters on an equally distorted or multicolored background.

CAPTCHA is important to many internet empires in order to prevent robots from manipulating their services. In the absence of a CAPTCHA tool, spammers can fill your website forms with active or inactive email addresses, which can trip either a maximum-emails-per-hour limit or a maximum percentage of failed/deferred messages, respectively.

There are thousands of popular websites that use CAPTCHA; some of them are listed below:

  • google.com
  • magento.com
  • dailymotion.com
  • mediafire.com
  • udemy.com
  • gamepedia.com

The technology is used mostly to block spammers and bots that try to automatically harvest email addresses or try to automatically sign up for or make use of websites, blogs or forums. CAPTCHA, whose users include Yahoo and Google, blocks automated systems, which can't read the distorted letters in the graphic. In order to keep out spammers, a CAPTCHA has to effectively test whether you are human or machine. Computer scientists figured out that one of the easiest ways to do that is to use images of language. In order to deceive spammers, these images take randomly generated text and distort the picture so that a human can barely read it, but a computer analysing the picture cannot.

Here is a sample-1 image of CAPTCHA.

If you want to try a CAPTCHA demo, visit the following link:
https://www.google.com/recaptcha/api2/demo

Here is a sample-2 image of CAPTCHA.


Best practices used to prevent spamming through web forms are as follows.

1. Validate Google reCaptcha through PHP
Google reCaptcha jQuery validation cannot stop spamming completely: bots can easily bypass jQuery validation and submit the form directly to the server without any browser interaction (JavaScript can be disabled in any browser). So whenever you add reCaptcha to a website, make sure you also validate it through PHP on the server. When a user completes the reCaptcha, an input parameter named 'g-recaptcha-response' is posted to the server along with the form. If this field is not present in the submission, you need to prevent the email from being sent.

You can follow the link below to learn more about validating Google reCaptcha through PHP.
https://codeforgeek.com/google-recaptcha-tutorial/


2. Honeypot
To implement the honeypot technique, we add a hidden text field to the form and validate it through PHP. Humans never see the field, so when a real user submits the form the honeypot is empty; bots and spammers fill in every field they find, so for them it will contain data. If the hidden field contains data, the submission came from a bot and we need to prevent the email from being sent.

You can follow the link below to learn more about the honeypot technique.
https://gist.github.com/andrewlimaza/958826feac907114a57462bfc8d535ff
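
Both practices above (server-side reCaptcha verification in step 1 and the honeypot check in step 2) belong in the same PHP handler, because each one covers a case the other misses. The following is an added example written for this article, not code from the article author or from the linked tutorial and gist. It assumes hypothetical form field names ("message" for the real input, "website" for the honeypot), a reCaptcha secret key supplied through a RECAPTCHA_SECRET environment variable (placeholder), and the public siteverify endpoint that Google's reCaptcha documentation describes. The honeypot check alone is cheap and catches naive bots; the siteverify call is what a bot cannot forge once it has skipped the browser-side jQuery validation.

```php
<?php
// Added example (not from the original article): one server-side handler
// that applies both anti-spam practices before any e-mail is sent.
// Assumptions (hypothetical): the form posts to this script, the real text
// field is "message", the honeypot field is "website", and the reCaptcha
// secret key is read from the RECAPTCHA_SECRET environment variable.

declare(strict_types=1);

const RECAPTCHA_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';
const HONEYPOT_FIELD = 'website'; // hidden from humans with CSS, not type="hidden"

/**
 * Honeypot check: a human never sees the field, so any value means an
 * automated client filled every input it found. True when it looks human.
 */
function honeypotPassed(array $post): bool
{
    return !isset($post[HONEYPOT_FIELD]) || trim((string) $post[HONEYPOT_FIELD]) === '';
}

/**
 * Verify the g-recaptcha-response token with the siteverify endpoint.
 * A missing token is a failure: it means the browser-side step was skipped.
 * $sender lets the HTTP call be swapped out when testing offline.
 */
function recaptchaPassed(array $post, string $secret, ?callable $sender = null): bool
{
    $token = $post['g-recaptcha-response'] ?? '';
    if (!is_string($token) || $token === '') {
        return false;
    }
    $sender ??= 'postForm'; // real HTTP request by default
    $raw = $sender(RECAPTCHA_VERIFY_URL, [
        'secret'   => $secret,
        'response' => $token,
        'remoteip' => $_SERVER['REMOTE_ADDR'] ?? '',
    ]);
    $result = json_decode((string) $raw, true);
    // Fail closed: only an explicit "success": true is accepted.
    if (!is_array($result) || ($result['success'] ?? false) !== true) {
        return false;
    }
    // Cheap extra check: the token should have been solved on our own host.
    $expectedHost = $_SERVER['SERVER_NAME'] ?? null;
    if ($expectedHost !== null && isset($result['hostname']) && $result['hostname'] !== $expectedHost) {
        return false;
    }
    return true;
}

/** Minimal POST helper using cURL with a timeout so a slow verifier cannot hang the form. */
function postForm(string $url, array $fields): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 5,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body === false ? '' : $body;
}

// --- request handling ---
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $secret = getenv('RECAPTCHA_SECRET') ?: ''; // placeholder: set in the environment

    if (!honeypotPassed($_POST) || !recaptchaPassed($_POST, $secret)) {
        // One generic reply for both failures so a bot cannot learn which check caught it.
        error_log('form submission rejected by spam checks from ' . ($_SERVER['REMOTE_ADDR'] ?? '?'));
        http_response_code(400);
        exit('Submission could not be verified.');
    }

    // Both checks passed: only now hand the message to mail() or a mailer library.
    // mail('owner@example.com', 'Contact form', (string) ($_POST['message'] ?? ''));
    echo 'Thanks, your message was sent.';
}
```

The honeypot input should be hidden with CSS (for example an off-screen wrapper) and given autocomplete="off", rather than using type="hidden", because many form-filling bots skip hidden-type inputs but happily fill visible text inputs they cannot see rendered. Note that the handler logs rejections but returns the same response either way; the reason for a rejection is something only the site operator needs to know.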