How to create CAPTCHA without displaying the image?

Report · Feb 03, 2011

I have a home-grown content management system that allows users to embed their own source code. One client embedded FORM's, but found themselves the target of spammers, so they wanted me to add a CAPTCHA feature to it. It's been a little difficult because it all displays inside of a TEXTAREA field, but I'm 99% of the way there.

What's got me stymied is the captcha image. I can create the image, write it to the server with a dedicated name, and can display it just fine inside of their form. However, the original call to create the captcha image leave a broken image box. I don't want any box, I just want it to write the image to a file and move on.

Here's how I'm making that initial call:

cfimage action="captcha" fontsize="24" fonts="Times New Roman" width="250" height="50"

text="#rndString#" difficulty="low" destination="#fileDest#" overwrite="yes"

Any ideas?

RLS

Report · Feb 03, 2011

I gave up on CAPTCHA and just put a form field asking for the answer to "2+2".

If the user enters 4, process the form. If they enter anything else, stop the process.

No bot spam since that day. Another case where the simplest solution is best.

Report · Feb 04, 2011

"2+2" is indeed a very simple solution that works for smaller sites

that get hit with automated spam bots but it doesn't work well for

sites where the spam-master is willing to put money and time into

creating a customized spam-poster (in other words when "2+2" is broken

someone is interested in your site ).

--

Mack

Report · Feb 04, 2011

If the spammer is willing to spend money and time, a CAPTCHA doesn't guarantee against that either. There are plenty of spammers using free porn on their sites and proxying CAPTCHAs to those sites to get people to do the CAPTCHA for them for free.

I'd strongly recommend an alternative to CAPTCHA - practically anything. A simple math question, as mentioned, works well - especially if you dynamically generate the values you use, and express them as strings instead of numbers! But CAPTCHAs have all kinds of inherent problems - general usability, accessibility - and they're just a bad idea all around.

For a more formal solution to this problem, checkout CFFORMPROTECT on RIAForge.

Dave Watts, CTO, Fig Leaf Software

http://www.figleaf.com/

http://training.figleaf.com/

Dave Watts, Eidolon LLC

Report · Feb 04, 2011

Thank you for your insight, Dave. I will strongly consider your suggestions, especially as I have had my share of frustrations in trying to decipher the medium and high level captcha images.

RLS

Report · Feb 04, 2011

I think you've encountered a significant short-coming in the implementation of how CF implements the generation with captcha images. Here are the problems with the implementation as I see it:

* There should be three - mutually exclusive - "destinations" for the image:

- file system (what you want)

- screen (what it kinda does now, except really leadenly)

- variable (like - seemingly - every other image operation with CFIMAGE)

* The CAPTCHA functionality is only exposed via a tag: there is no functional equivalent.

I don't think there's anything that isn't obvious there, and one wouldn't have expected in a v1.0 implementation of this. Oh well.

I had a mess around with your situation, and on a whim, put CFSILENT tags around the CFIMAGE call. That prevented it from squirting the unsolicited IMG tag down to the browser, whilst still writing the file to the file system. This is what you want, yes?

--

Adam

Report · Feb 04, 2011

* There should be three - mutually exclusive - "destinations" for the image:
- file system (what you want)
- screen (what it kinda does now, except really leadenly)
- variable (like - seemingly - every other image operation with CFIMAGE)
* The CAPTCHA functionality is only exposed via a tag: there is no functional equivalent.

I've raised these concerns with Adobe:

http://cfbugs.adobe.com/cfbugreport/flexbugui/cfbugtracker/main.html#bugId=86192

--

Adam

Report · Feb 04, 2011

Thank you, tclaremont and Adam! Adam, I have not tried the cfsilent yet, but I will shortly. I marked yours as the answer - you tested it and I'll take your word for it.

I hope this posting helps someone else with this problem, and I surely hope that Adobe makes that seemingly insignificant change that can help us all combat those jerks - spammers. I know when I put captcha on a form, the spamming goes away instantly.

Thank you all for your help!

RLS

How to create CAPTCHA without displaying the image?

1 Correct answer