Category Archives: CAPTCHA

I don’t like Parasites

I have a website that provides a free tool for a casual user. But if someone wants to do something special with it, like integrating it into their own website or doing something creative of their choice, they have to buy a license. It’s not very expensive.

Recently, I have seen an IP address accessing my script a lot. After a bit of research, I managed to find out which website that IP address belongs to. That person has a decent website that might be making a decent amount of money each month. Yet, rather than licensing my script and implementing it locally, that person chose to bombard my website with thousands of requests per month. I analyzed my last few months of logs, gathered a handful of IP addresses that were abusing my free script, and blocked them. I know I can use a captcha and reduce this type of abuse, but I will probably track IP addresses and block a request if there were too many requests from that IP in the last 1 hr. Of course, I need to be careful about not blacklisting search engines. I don’t want the genuine users to go through the captcha system, so that’s why the idea of IP-address-based logic.

In general, I think there are people out there who are ready to abuse a system rather than spend a little money and have a much better solution.

Filed under CAPTCHA

Implementing Sessionless Captcha Verification

I saw a project request to implement sessionless captcha verification. In the blink of a second I thought it sounded like a dumb request: if there is no session, then the data has to be carried along with the HTML form that gets posted, and if so, a clever program can pick up the value and submit it. Then, in the second blink, I formulated that this can be done using two-way encryption. Essentially, generate random word(s) on the server side, two-way encrypt them, and then put the encrypted string in the form as a hidden variable. In addition, provide the encrypted string in the image URL that gets generated dynamically. The image request can decode the string and then render the captcha image. When the user submits the value, the form contains the user’s value and the encrypted value, which can be confirmed on the server.
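A sketch of the token scheme described above, as an added example that is not code from the original post. It assumes Python's standard library only, so HMAC-SHA256 in counter mode stands in for the two-way cipher and an HMAC tag is added to detect tampering; the function names, the 300-second expiry and the single-use set are assumptions, the last two included because an encrypted answer alone can be resubmitted with its solved value.

```python
import base64, hashlib, hmac, os, struct, time

SECRET = os.urandom(32)  # assumption: in production, a fixed key from server config
TTL = 300                # assumption: seconds a challenge stays valid
_used = set()            # replay guard; assumption: a shared TTL cache in production

def _subkey(label):
    return hmac.new(SECRET, label, hashlib.sha256).digest()

def _keystream(nonce, n):
    # HMAC-SHA256 in counter mode, used here as a stream cipher
    key, out, ctr = _subkey(b"enc"), b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(data, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))

def _tag(nonce, ct):
    return hmac.new(_subkey(b"mac"), nonce + ct, hashlib.sha256).digest()

def issue_token(answer, now=None):
    """Value for the hidden form field and the image URL."""
    now = time.time() if now is None else now
    nonce = os.urandom(16)
    ct = _xor(struct.pack(">Q", int(now) + TTL) + answer.encode(), nonce)
    return base64.urlsafe_b64encode(nonce + ct + _tag(nonce, ct)).decode()

def open_token(token, now=None):
    """Answer text for the image renderer, or None if forged or expired."""
    now = time.time() if now is None else now
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:
        return None
    if len(raw) < 16 + 8 + 32:
        return None
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, _tag(nonce, ct)):  # reject tampering before decrypting
        return None
    plain = _xor(ct, nonce)
    if now > struct.unpack(">Q", plain[:8])[0]:
        return None
    return plain[8:].decode()

def verify(token, user_value, now=None):
    """Form handler: one attempt per token, so a solved token cannot be replayed."""
    answer = open_token(token, now)
    if answer is None or token in _used:
        return False
    _used.add(token)
    return hmac.compare_digest(answer.lower().encode(), user_value.strip().lower().encode())
```

The single-use set is the one piece of server-side state the scheme cannot drop; without it, one solved token and its answer remain valid until the expiry passes.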

