CAPTCHA
23 Aug 2013 16:01 - 17 Apr 2017 11:54 #1
by Demis [Fox-Labs]
Introduction
A CAPTCHA is a challenge-response test able to determine whether the user is human or a computer, in order to avoid automatic and massive SPAM messages.
Personally, I prefer not to annoy the user by asking him to prove he is a human.
Fox Contact has a beautiful anti-spam feature that works without the need for a CAPTCHA.
However, those who prefer a CAPTCHA can enable it under "Security" > "Classic CAPTCHA".
Unlike most other contact forms, once the captcha solution is correct, the captcha field disappears from the form even if other mandatory fields are invalid, so the user is not stressed with another captcha when he has already proved he is able to solve it.
That way the user focuses on the important fields until a successful submission is done.
This increases your conversion ratio, and makes your customers happier.
Fault tolerance
Sometimes the captcha solution contains ambiguous characters, such as "O". You are not sure whether it's the letter "oh" or the number "zero".
For that reason, Fox Contact applies a fault tolerance to help the user. It assumes that:
l (letter "el") = I (letter "i") = 1 (number "one")
0 (number "zero") = O (letter "oh")
q (letter "Q") = g (letter "G") = 9 (number "nine")
S (letter "es") = 5 (number "five")
B (letter "b") = 8 (number "eight")
As a result, no matter whether you are dealing with a math or an alphanumeric captcha, if the solution is "58", then "SB" will be accepted as well.
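The folding described above can be sketched as follows. This is an added example, not Fox Contact's own code: the function names are hypothetical, and case-insensitive matching and the 62-character sample alphabet are assumptions the post does not state.

```python
import string

# Equivalence classes as listed in the post, keyed by the digit each one folds to.
CLASSES = {"1": "lI1", "0": "0O", "9": "qg9", "5": "S5", "8": "B8"}

# Assumption: matching is case-insensitive (the post does not say either way).
FOLD = {ch.lower(): digit for digit, members in CLASSES.items() for ch in members}

ALNUM = string.ascii_letters + string.digits  # constructed sample alphabet


def canonical(answer: str) -> str:
    """Lower-case the answer and fold each ambiguous character to its digit."""
    return "".join(FOLD.get(ch, ch) for ch in answer.strip().lower())


def captcha_matches(expected: str, submitted: str) -> bool:
    """Compare canonical forms so look-alike characters are interchangeable."""
    return canonical(expected) == canonical(submitted)


def effective_alphabet(alphabet: str) -> int:
    """Number of symbols that remain distinguishable after folding."""
    return len({canonical(ch) for ch in alphabet})


def solution_space(alphabet: str, length: int) -> int:
    """Distinct accepted solutions of a given length (what a guesser faces)."""
    return effective_alphabet(alphabet) ** length


if __name__ == "__main__":
    print(captcha_matches("58", "SB"))
    print(effective_alphabet(ALNUM))
    print(solution_space(ALNUM, 5), "vs", len(ALNUM) ** 5)
```

Under these assumptions the 62-character alphabet folds to 29 distinguishable symbols, which is the price the tolerance pays in guessing resistance.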
Troubleshooting
When the built-in CAPTCHA does not validate the code entered, there is something wrong with your Joomla session.
Check the field "Cookie Domain" in Joomla Global Configuration: it must be empty for your Joomla session to work correctly, so clear the value and save the configuration.
You will probably experience problems while logging in to your Joomla front-end as well.
Ensure that you are able to log in at http://yoursite/index.php?option=com_users
It has also been reported that the Joomla plugin "System - EU e-Privacy Directive" by Michael Richey v 2.14 may corrupt the existing Joomla sessions.
In our tests, disabling this plugin and then enabling it again has solved the problem, but due to its unpredictable behaviour, our advice is to choose a different "Cookie Law" plugin.
Why you should not use any CAPTCHA
Short answer
Fox Contact implements a wonderful anti-spam feature. It blocks spam attempts based on the message content, from both humans and bots, without the need of any sort of CAPTCHA. Do yourself a favour, give it a try.
Full answer
Some people use a CAPTCHA in an effort to block spam, but ironically they end up lowering their conversion ratio and getting spam anyway. If this seems surprising to you, please read on.
A CAPTCHA is effective in blocking automatic account creation.
In the area of forms, instead, the use of the CAPTCHA is based on the wrong assumption that humans always send ham, while bots always send spam, and that using a CAPTCHA to separate humans from computers therefore automatically separates ham from spam.
1. Some people send spam
There are literally millions of Asiatic people who manually send spam by profession. A CAPTCHA detects them as humans, and lets their spam pass.
2. Some computers send ham
Disabled people rely on their software / computer to browse the Internet and fill out forms. A CAPTCHA detects them as bots, and blocks them or causes them serious problems (how can a blind man read the content of an image on the screen?).
3. Often they work together, making your CAPTCHA useless
Most commonly the spam is sent automatically by bots, helped by humans who solve the CAPTCHA challenges. Suppose that a spambot site makes illegal content available for download. On a download request the bot loads your form and passes the CAPTCHA image to the unsuspecting user, asking him to answer it to start the download. When the bot gets its solution, it is used to complete the form submission, while the user gets his illegal file. Everybody wins (at your expense).
4. It drastically reduces your conversions
Everybody knows that users bounce from the website within the first 10 seconds if they don't find what they want, or if the page loads too slowly.
How long do you think that an average user can resist when you put this barrier in front of him?
Most users will immediately abandon your site frustrated and infuriated. Very nice shot! :)
Of course Google knows that problem. That's why reCAPTCHA2 is by far simpler. We are on the right track. Just another few years, and any CAPTCHA concept will probably disappear altogether.
Nevertheless, there is no reason to stress genuine people (and get back unreliable results) by asking them to prove they are humans. If your problem is spam, just check the content for spam.
As a comparison with regular email, think of the anti-spam system that is protecting your email inbox right now.
Do you think that it is based on reCAPTCHA asking the sender to prove he is a human? No sir, it's based on a content analyzer.
reCAPTCHA2 is an external component provided by Google Inc. Use it with the understanding that it is not responsive, it cannot be styled, it is almost not configurable, and it is as slow as a dead sloth. To get it working, it requires a non-trivial configuration and outgoing server-to-server HTTP connections, which some hosting providers do not allow. Since it is a closed-source Google project, no one except Google itself has the required skills to provide technical support on it. Please refer to the official Google reCAPTCHA website for any question about reCAPTCHA.
Security questions
Someone has proposed simple security questions such as "what is 8 + four ?" instead of showing a CAPTCHA.
Well, according to the CAPTCHA definition, a "security question" is indeed a CAPTCHA. "A CAPTCHA is a challenge-response test able to determine whether the user is human or a computer."
However, computers are perfectly able to solve questions like "8 + four = ". They also calculate the typical human computation time for that task. In this case it is: 0.97 seconds for a young adult. So a bot not only can provide a correct answer, but it can also intentionally delay a fair amount of time doing that.
If this seems surprising to you, take a look at this .