Implemented CAPTCHA Security to Protect the Contact Page

With today's site update I have protected the Contact page with a CAPTCHA security mechanism. CAPTCHA stands for "Completely Automated Public Turing Test to Tell Computers and Humans Apart" and can be used to prevent automated attacks on pages that allow a user to submit Comments, Contact details, Orders and so on.

Update 6/6/2010: I am no longer using a graphical CAPTCHA on my web site, but a simple text based calculation instead.

Update 10/09/2004: Microsoft just published a great article about this subject on their MSDN Web site. You can find the article here.
 

My Contact page wasn't really suffering from these kind of attacks, but I thought it would an interesting exercise to find out how to implement CAPTCHA.

Some of the sources for the CAPTCHA application come from an article at www.15seconds.com titled Fighting Spambots with .NET and AI. While I found the article itself pretty messy and difficult to read (there are at least a zillion images demonstrating the use of CAPTCHA), the article came with some pretty useful code written in VB.NET. Since my site is written exclusively in C#, I had to convert the code, and changed a few things along the way.

If you want to find out more about CAPTCHA, check out the Web site of The CAPTCHA Project or check out this short white paper titled Telling Humans and Computers Apart (in .PDF format). If you want to see an implementation of CAPTCHA in VB.NET, download the source code that comes with the CAPTCHA article at the 15Seconds site.

References


Where to Next?

Wonder where to go next? You can post a comment on this article.

Doc ID 311
Full URL https://imar.spaanjaars.com/311/implemented-captcha-security-to-protect-the-contact-page
Short cut https://imar.spaanjaars.com/311/
Written by Imar Spaanjaars
Date Posted 07/11/2004 17:55
Date Last Updated 10/09/2004 23:06
Date Last Reviewed 06/06/2010 13:57
Listened to when writing Armenia by Einsturzende Neubauten (Track 11 from the album: Zeichnungen Des Patienten O.T.)

Comments

Talk Back! Comment on Imar.Spaanjaars.Com

I am interested in what you have to say about this article. Feel free to post any comments, remarks or questions you may have about this article. The Talk Back feature is not meant for technical questions that are not directly related to this article. So, a post like "Hey, can you tell me how I can upload files to a MySQL database in PHP?" is likely to be removed. Also spam and unrealistic job offers will be deleted immediately.

When you post a comment, you have to provide your name and the comment. Your e-mail address is optional and you only need to provide it if you want me to contact you. It will not be displayed along with your comment. I got sick and tired of the comment spam I was receiving, so I have protected this page with a simple calculation exercise. This means that if you want to leave a comment, you'll need to complete the calculation before you hit the Post Comment button.

If you want to object to a comment made by another visitor, be sure to contact me and I'll look into it ASAP. Don't forget to mention the page link, or the Doc ID of the document.

(Plain text only; no HTML or code that looks like HTML or XML. In other words, don't use < and >. Also no links allowed.