This tutorial is to explain CAPTCHA, an acronym which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. The purpose of a CAPTCHA is to provide a problem that is easy enough for a human to solve, but yet will prevent automated software on a computer from performing whatever tasks the malicious user has in mind.
A CAPTCHA is used to try to prevent automated software from performing actions that degrade a system, either through abuse or resource expenditure. They can be used to help protect against email spamming, and to minimize automated postings to forums and blogs.
CAPTCHA is not perfect, and someone is always working to find a way around the newest versions. They are also not always accessible to the disabled, but attempts are being made to make them so. One of the biggest threats to CAPTCHA is the evil-doers – spammers and hackers – using cheap foreign labor, paying about $.80 to $1.20 for each 1,000 solved CAPTCHA images.
There is a lot of discussion on the internet about the use of CAPTCHA’s. Complaints range from being cumbersome, to the new CAPTCHAs that rely on a jumble of mixed up letters, instead of words, making it impossible to guess what that next letter might be. Most seem to agree that the best approach might be to add some basic security to stop generic bots, and watch for suspicious IP’s and monitor behavior, like a large number of requests from one IP, or spam links being sent to many users. Most say leave the CAPTCHA off of small sites, and monitor them instead. This is a personal decision for every site owner to make.
This concludes the tutorial about CAPTCHA, and its use.