• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.
CustomImgCaptcha: Spam Combat

CustomImgCaptcha 2.4.1

No permission to download
Customise your own images for CAPTCHA

tenants

Well-known member
#1
This is included in Both
i) Free (Branded) Tac Anti Spam Collection
ii) Paid (unbranded) Tac Anti Spam Collection

tenants submitted a new resource:

CustomImgCaptcha (version 1.0.5) - Customise your own images for CAPTCHA

CustomImgCaptcha - Customise your own images for CAPTCHA

  • Upload multiple custom CAPTCHA images (customised for your site)
  • Supports multiple answers per image
  • The CAPTCHA images are displayed randomly
  • Default example images are provided (and should be deleted for your own custom set)
  • CustomImgCaptcha is available in all CAPTCHA areas (replacing QA CAPTCHA / ReCAPTCHA where applicable)...
Read more about this resource...
 

tenants

Well-known member
#2
To Do List
0) make sure human stats are correct

1) Enable Users to refresh images (for alternative images)
2) The * operator should represent "any character(s)" for the alternative answers
3) A log to show failed attempts (enabling you to add alternative answer, remove images that are too hard for humans) - Done V1.1.0
4) A Log of refreshes (letting you know which CAPTCHAs should be pruned, since they are too hard for humans)
5) (Optional) Logs and ratios to show when the CAPTCHA fails against bots (when bots pass the CAPTCHA but fail FoolBotHoneyPot) - Done V1.1.0

Bugs To Fix
(none found, exensive testing on Widows + Apache, compatible with all plug-ins tested)
-Let me know if you find some
 
Last edited:

tenants

Well-known member
#5
Similar.. it shares the advantages of QA (the main one, is that it is custom and designed by you / traded to you from other people)

and the advantages of CAPTCHA (the main one is that it requires some form of image recognition)

QA is often beaten by looking up a hit list for a given question (or simply solving the logic if it is easy)... its now even easier with XRumer storing hundreds of thousands of QAs
Image CAPTCHA is often beaten since the bots are trained (ANNs/OCR) against them to recognised certain font types/images , patterns, clicks, or by simply downloading the image database and doing a binary comparison (ironically, the worst CAPTCHA systems are often the most popular, since it is worth while to train your bot against them)

With custom Image CAPTHCA the text is hard to slurp out (if any is used at all), and there can be a vast list of answers if the text within the image is simply a clue to another part of the image (making it hard to create a good hit list to brute force against)
With custom Image CAPTCHA the image is unique, there is no large database to train against and there is no large database to do a binary comparison on, since everyone's image set can be different (making it very hard to train your bot against lots of forums)

It also gives you the option to export your set (so if you have good Image CAPTCHA ideas, you can export them and share them with others using CustomImgCaptcha, but keep in mind, "custom" is preferential to "popular" with CAPTCHA sets )


You can use this as a simple QA in image form, but I wouldn't advise it, bot's are becoming very good at reading text in images

I'll also add some functionality to show when it fails against humans, displaying their failed answers (giving you the opportunity to improve it, if humans find it too hard) and when it fails against bots (prompting you to remove the weak CAPTCHA images)
 

tenants

Well-known member
#7
tenants updated CustomImgCaptcha with a new update entry:

CustomImgCaptcha - Now Shows Bots and Human attempts

Historic Versions:

CustomImgCaptcha_v1_1_0
Release 23/10/2012
Change Log:

  • CAPTCHA Events Can no be logged (found in the admin control panel >> Tools), showing you failed attempts and successful attempts (and also when bots don't even attempt the captch)
  • Shows Success rate for humans for each CAPTCHA (allowing you to decide if...
Read the rest of this update entry...
 

tenants

Well-known member
#8
You can now view the stats for each CAPTCHA

If needed, this provides you with an early warning system when and which CAPTCHA images start to fail against bots, you can then delete images that are no longer any use against bots. It's also a good indicator for which CAPTCHA images are too hard for humans:

or a closer inspection of an individual CAPTCHA:

moreStats.jpg

CAPTCHA Statistics For example3 (2 humans, 6 bots)
Human Success: 100%
Human Passed: 2, Human Failed: 0
Bot Success: 0%
Bot Passed: 0, Bot Failed: 6

(these stats require FoolBotHoneyPot to evaluate which are human attempts and which are bot attempt)
 

Attachments

tenants

Well-known member
#9
It's now also possible to visit the logs for each CAPTCHA events
This will show failed and passed attempts, and also show the users answers and bot attempt (when the CAPTCHA parameter isn't even attempted to be passed to the request page)

This gives you the oportunity to change expected answers to make it easier for humans (without making it easier for bots), allowing for common human typos in your expected answers

tools1.png tools2.jpg
 

tenants

Well-known member
#16
I tested it along side keyCaptcha (both installed at the same time)... I'll have look into this, but you can only use 1 at anyone time anyway. So for now unistall the other before using either, thanks for letting me know.
 

Edrondol

Well-known member
#17
I can't even use KeyCaptcha. Their site is not accepting anyone new and I'm doing this on a new site I'm setting up.

When I did get yours to work it wouldn't show the pictures, merely the normal CAPTCHA image, which just won't cut it.
 

tenants

Well-known member
#18
merely the normal CAPTCHA image, which just won't cut it.
How do you mean? These example are images for you to delete and then add your own...

A bot can not beat custom image CAPTCHA (uploading your own image), since it has never seen this image before, and so it can not train against it.

A bot can train against any system that publicly provides sets... and these sets can then be targeted (even if you have the funding of Google behind you, reCaptcha can and has been targeted)

With CustomImgCaptch you upload your own set via ACP >> options > CustomImgCaptcha
Delete the old images and add yours.
 

Edrondol

Well-known member
#19
Oh sure, I go to get screen prints and now it's working. :confused:

What HAD been happening was that I had it set to use CustomImgCaptcha, but when testing a new registration it was not showing the image but was instead showing the ReCAPTCHA words. I guess uninstalling and reinstalling did the trick.
 

tenants

Well-known member
#20
tenants updated CustomImgCaptcha: Spam Combat with a new update entry:

CustomImgCapthca v1.1.5 - Customise your own images for CAPTCHA : Stop Spam

This is just a small change to the logging functionality:

  • When logs were created via FaceBook registration, the email was saved as the FB token. This has now been changed to the string "Via FaceBook" since the email parameter can not be pulled out directly from the FaceBook registration request.
Read the rest of this update entry...