Lack of interest jQuery Draggable Captcha

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.
Floren

Floren

Well-known member
Last edited:
Upvote 1
This suggestion has been closed. Votes are no longer accepted.
Floren said:
I was wondering if we could implement a draggable captcha into Xenforo.
It is very elegant and provides a better alternative, compared to default captcha.

Few examples:
http://www.webdesignbeach.com/beachbar/ajax-fancy-captcha-jquery-plugin
http://demos.myjqueryplugins.com/qaptcha/
http://www.josscrowcroft.com/demos/motioncaptcha/
http://sitehelp.com.au/demos/dragcaptcha.php

My prefered one is MotionCaptcha. Simple and elegant.
Click to expand...
This won't stop bots for long because it's easy enough to detect the shape and trace it.

It also brings up usability issues for people with sight disabilities; while it won't effect the majority it makes registration impossible for those that that cannot see or have issues seeing.
 
It's worse than that, actually. Most of them don't even require tracing.

I won't point out the exact details but let's just quickly examine them. Remember: bots won't be using JavaScript and all the fancy rules that you can implement against 'users' suddenly become irrelevant. Bots are also quite capable of sending AJAX requests these days.

ajax-fancy-captcha: When the CAPTCHA is loaded, an AJAX call is required. All a bot has to do is identify the CAPTCHA in use and it will trivially know how to query the server to get the answer to submit the second time.

qaptcha: A server just has to identify which CAPTCHA it is, and identify one variable within the <form> and make an AJAX call with that to set up a session variable, then update one variable in the POST variables before sending onwards.

motioncaptcha: The form's action variable is removed but it's buried inside the form itself for the CAPTCHA to insert it... there's no security here. There's no server side component whatsoever so you're *totally* reliant on the form variable not being found by a bot.

dragcaptcha: Again, totally on the client side. Bots will totally ignore this.
 
Back
Top Bottom