Best CAPTCHA solution?

Events happening in the community are now at Drupal community events on www.drupal.org.
Posted by bob_irving on May 30, 2008 at 12:07pm

Well, the spambots found my site. I have set it up so that the admin (me) has to approve all registration, but I am sure that the one attempt from "premier visa" will soon be followed by many others.

Is the CAPTCHA module the best solution for this, or is there another module which would serve better?

Categories:

Comments

CAPTCHA is good, but you

Posted by cwolly on May 30, 2008 at 12:35pm

CAPTCHA is good, but you should look into http://drupal.org/project/recaptcha

Chad

ReCaptcha is good -- If that

Posted by bonobo on May 30, 2008 at 1:28pm

ReCaptcha is good -- If that doesn't fully meet your needs, you might want to give Mollom a shot.

Cheers,

Bill


FunnyMonkey
Tools for Teachers

Thanks

Posted by bob_irving on May 30, 2008 at 12:52pm

I was actually looking at that one, and it seems pretty comprehensive. Just wanted to get some feedback from anyone who has used any of these modules.

Thanks.

I used the standard captcha

Posted by cwolly on May 30, 2008 at 1:34pm

I used the standard captcha for quite some time and was never happy with it. recaptcha is quite an improvement. I've heard great things about Mollom but have not tried it yet.

Recaptcha

Posted by matthewboh on May 30, 2008 at 2:03pm

I just have a soft spot for Recaptcha - it is improving book digitization one word at a time by giving you two words to type in.

Impari Systems, Inc.
http://www.imparisystems.com

Impari Systems, Inc.
http://www.imparisystems.com

What is the best Captcha now ?

Posted by wwwoliondorcom on October 6, 2009 at 3:25pm

Hello,

Do you know what is the best Captcha now ?

Thanks.

The best captcha is no captcha.

Posted by dougvann on October 6, 2009 at 4:29pm

Who among us honestly enjoys being faced with a graphic of squiggly. swirly text with lines running through it?
Mollom has been perfect at defeating SPAM for me. www.drupal.org/project/mollom
If Mollom is down [rarely happens] you can choose to have Captcha auto-appear until Mollom returns. In that case I would strongly urge that you use ASCII-ART Captcha; something like this...

 _____ 
 | | | | 
 |_| ____| |__
 | | | |
 | |____ | |

Where the user enters 42h and moves on.
Just my humble opinion. ;-)

ok... the gdo site reformatted the ascii-art above.. but u get the idea. it uses pipes, underscores, and slashes to contruct graphical representations of characters.

  • Doug Vann [Drupal Trainer, Consultant, Developer]
  • Synaptic Blue Inc. [President]
  • http://dougvann.com

Mollom woohoo

Posted by bob_irving on March 3, 2010 at 1:23am

After all this time and the answers to my original post, I finally installed Mollom. I was getting tired of deleting 100+ spam comments a day. Problem solved. Woohoo!

Thanks for all the advice!

Hi,

So for you Mollom is the best solution, .... for large website ?

I haven't tried RE-captcha, is it easy to pass for "real" visitors ?

Any other solution ?

Thanks.

one size fits all

Posted by dougvann on October 15, 2012 at 12:11pm

Mollom is good for any sized site.

  • Doug Vann [Drupal Trainer, Consultant, Developer]
  • Synaptic Blue Inc. [President]
  • http://dougvann.com

Re-Captcha turns ppl away

Posted by dougvann on October 8, 2010 at 8:00pm

Captcha, Re-Captcha, Foo-captcha, Bar-Captcha [OK, I made the last two up]
Any Captcha is a big red STOP sign that tells your users that you don't really want them to fill out this form or contribute to your site.
Why would any one want to do that?
For any site I build I strongly strongly strongly strongly encourage the client to use Mollom as the first line of defense THEN let MOLLOM decide if it wants to throw a Captcha at a suspicious poster.

I can't say it enough.... Any form of Captcha stands directly against the business model of your site.

  • Doug Vann [Drupal Trainer, Consultant, Developer]
  • Synaptic Blue Inc. [President]
  • http://dougvann.com

Mollom has a design flaw

Posted by jdwalling on October 9, 2010 at 3:49am

Mollom classifies comments as ham, spam, or unsure. If your ham comment is classified as "unsure" you are offered Captcha. If your ham comment is classified as "spam" you get zip, nada, nothing. That is a false positive situation and you have no recourse. The site admin can review and report false negatives (spam classifed as ham). Mollom has no mechanism (known to me) to process false positives, and that happens often enough to piss off people who blog.

better than mollom

Posted by wwwoliondorcom on October 9, 2010 at 6:25am

Yes, I just tried it and it doesn't seem to be the ultimate solution...

You might this thread on

Posted by idcm on October 9, 2010 at 10:00am

You might this thread on Randy Fay's page interesting - it talks about Mollom

http://randyfay.com/node/69

I have been using Mollom and it let's all sorts of spam thru on the comment forms. I finally turned off comments until I have time to decide what to do.

mollom didn't work for me either

Posted by Anonymous (not verified) on October 9, 2010 at 1:49pm
Anonymous's picture

I can't believe so many people are happy with Mollom. I tried it, I found myself reporting so many comments that Mollom started putting up a Captcha on every post. I ended up uninstalling it. I'd be interested to know how the people who say it works deal with all the ad spam that doesn't go to a known Viagra site. I was flooded with it, and I really don't want it!

Captcha pack

Posted by MakeOnlineShop on February 21, 2011 at 2:24pm

Yes, Mollom is not so good.

I will try the captcha pack.

Mollom

Posted by jpamental on February 21, 2011 at 2:42pm

I'm surprised to hear so many issues with Mollom - I'm using it on a dozen sites with no issue at all (some of which have had a major issue with spam in the past).

I do know that you have the ability on a per-form basis with Mollom to decide if you want the posts identified as spam to be deleted or marked for manual moderation, and when you then see the link to 'report to Mollom' on a post you can decide if you want to report it as spam or just delete (there are other options as well). I don't know if there is an ability to 'mark as ham' when something has been queued for manual moderation.

Curious to know what sorts of traffic levels those who are having trouble are experiencing - I only have a few pretty high-volume (150,000 page views/month) sites with lots of commenting - and just don't have any of the problems others have reported.

Jason

Jason Pamental
[ @jpamental ]

My sites were pretty small.

Posted by Anonymous (not verified) on February 21, 2011 at 3:08pm
Anonymous's picture

My sites were pretty small. Even sites I had not advertised at all were getting almost 100% spam in anonymous comments, anonymous FAQ requests, etc. I think if I were not allowing links it might not have been an issue. People were just using my site for free advertising, and Mollom couldn't tell the difference between a spam link and a legitimate one.

avoid using CAPTCHAs

Posted by rogledi on June 25, 2011 at 9:21pm

Why don't avoid to use CAPTCHAs?

http://keypic.com

The best CAPTCHA is no CAPTCHA

Posted by SKrossa on June 26, 2011 at 12:39am

CAPTCHA (http://drupal.org/project/captcha), ReCAPTCHA (http://drupal.org/project/recaptcha), and any other flavor of CAPTCHA module including those that ask questions instead of using images/sounds should be avoided like the very plague.

CAPTCHAs of all kinds are inherently inaccessible to various groups of people, and, further, discourage participation even by those who have no disabilities or limitations. [Note that modules that merely hide CAPTCHAs from sighted users, like BOTCHA (http://drupal.org/project/botcha), are still a problem and should be avoided.]

When posting is restricted to known authenticated users, you shouldn't need anything at all.

Otherwise, if actually having spam problems, consider Akismet (http://akismet.com/)—via the AntiSpam module (http://drupal.org/project/antispam)—or Mollom (http://drupal.org/project/mollom) or a similar service. (Mollom still involves CATCHPAs, unfortunately, but only if it can't make a determination based on text analysis and/or user reputation. In practice, though, most legitimate users never see the CATCHPA with Mollom.)

I, too, am surprised by those posting they have had problems with Mollom. My first question would be, how did you have Mollom set up?

Having just looked at my own Mollom settings, I know that jdwalling is incorrect (at least as of the version I'm using) when he says "Mollom has no mechanism (known to me) to process false positives". This is from the Mollom settings for comments on my site:

When text analysis identifies spam: *
 Automatically discard the post
 Retain the post for manual moderation

For those who are getting too many spam anonymous comments let through, what are the comments settings for the relevant content type? Specifically, have you selected "Anonymous posters must leave their contact information"? The more content Mollom has, the better it can judge spam vs. ham.

Finally, make sure you don't do any test posts on your site without first enabling testing mode.

(Yes, I know most of the posts in this thread are old, but for those who may stumble across it...)

New captcha

Posted by erik_wallace on August 1, 2012 at 2:49am

There is a new captcha coming out there. It seems to be very safe. You can check their demo at http://www.megacaptcha.com

Megacaptcha loads complex

Posted by shreeni2 on August 1, 2012 at 5:57am

Megacaptcha loads complex image, but actually the image name is the answer of the field.

If you inspect element the image you can see the image name is the answer of the captcha code. This is easily been cracked. They have to implement their captcha product with random image name also, as its happening in Mollom.

Maybe that's because it's a demo

Posted by erik_wallace on August 1, 2012 at 8:11am

Maybe their implementation was made that way because it's only a demo, not a real implementation, and they just want to show the captcha appeareance.

Spam profiles, Daily limits & Mollom

Posted by jdwalling on August 2, 2012 at 1:46am

I moderate a site where most of the spam is put into user account profiles. Does anyone have a solution for that?
http://www.listology.com/jwalling/list/spam-patrol

(heyrocker is the site owner. I asked him if he knew of a way to prevent spam in user accounts but he didn't have a solution.)

Another problem we had was, if you use the free Mollom service and you exceed the daily limit, it can cause spam edits/deletions of comments to be blocked. I encountered the problem when I was cleaning up a huge backlog of spam. Now that the spam cleanup is every few days, I haven't been blocked. However, even if I am deleting a spam comment, Mollom invokes Captcha, for no useful purpose. Meh!

Listology is running older modules, so your mileage may differ.

CAPTCHA RIDDLER works perfectly, no need to look for anything else

Hello,

After searchingthe perfect Captcha I found that Captcha Riddler works perfectly and that bots do not guess the secret word often, so I wonder why it is not clearly said anywhere that the Captcha solution for Drupal is CAPTCHA RIDDLER ?

Hope it helps.

User register forms and Capcha Riddler

Posted by craigtockman on May 1, 2014 at 3:23am

user_pass post blocked by CAPTCHA module: challenge Riddler (by module riddler), user answered "", but the solution was "earth".

This works good! Riddler is one step ahead of the robot software that creates fake user accounts on my site and tries to add spammy content.

My experience with image and math captcha is that the virus software can get by it, unless you make the image captcha so distorted that it's practically impossible to read.

Drupal 7 ??

Posted by talvi on October 15, 2012 at 12:10pm

I don't understand why Captcha is not available for Drupal 7.x (except in beta).

"At this point, the Drupal 7 version of the CAPTCHA module is under heavy upgrade/development. Not recommended for general use (unless you really, really know what you're doing)."

That's the dev revision but not much info on the beta version, but there's no warning...... :(

I'd have thought CAPTCHA, or something similar, should be part of the core. It is so basically essential to a site's functioning I am thinking that I need to downgrade to Drupal 6.x ... no, that seems insane! What does this situation imply for Drupal more generally? I am WELL confused (again)

Try this:

Posted by markwk on October 15, 2012 at 12:11pm

Try this:

Posted by markwk on October 15, 2012 at 12:11pm

^_^

Posted by talvi on October 15, 2012 at 1:40pm

Thanks :) my friend. I've taken the leap and installed CAPTCHA beta. Fingers crossed.

I really don't like the tie-in/use of reCAPTCHA, besides which the colour scheme is pretty dire too :P

d7 and captcha

Posted by dougvann on October 15, 2012 at 12:23pm

The reason that Drupal does not have captcha in core is the same reason that gmaps, twitter, share-this and other modules are not in core. When some one starts a new Drupal site there's no telling what they are going to do with it. If we put captcha in core many ppl would never disable it and instead use re-captcha, many more would be building a site that doesn't have user generated comments and they would also not be enabling the captcha module anyway.
We try to avoid having things in core than are going to be disabled by such a large number of people. By keeping it in the CONTRIB space, it can have a leaner workflow and the maintainer and the co-maintainers can do as they wish without regard to core release cycles, etc.

It is interesting to note that SOME consideration is being given to removing the basic-page and article and maybe even blog content types from core. I don't know where those decisions are at the moment and I don't believe it will really impact me, but this would be an example of where core would be less the source for modules which would allow users to be more choosy.

So, I agree that captcha is a fundamental and popular feature [& I consider it the #1 annoyance of the web too! lol] but I would not advocate for it to be in core since today any user can grab it or not grab it.

As for the version that is available. I have clients using it and reporting no issues.

  • Doug Vann [Drupal Trainer, Consultant, Developer]
  • Synaptic Blue Inc. [President]
  • http://dougvann.com

^_^

Posted by talvi on October 15, 2012 at 1:37pm

Thanks Doug :) I've installed the beta and'll see how that goes. Did your clients do the same or did they go for the "dangerous" dev revision? Personally I really don't like reCAPTCHA for many reasons, technical and ideological.

The main issue for me with CAPTCHA vs reCAPTCHA (apart from the ugliness of the latter) is that one is linked to an external organisation and the other isn't.

I don't understand this that you wrote;
"If we put captcha in core many ppl would never disable it and instead use re-captcha"

If CAPTCHA was in the core there would be no need to install reCAPTCHA. CAPTCHA has nothing enabled by defalut anyway so there would be no need to uninstall it as a user that didn't want it would never even see it until they found they wanted it. There are several modules in the core that are not-enabled by default ie the user has to enable them, so the same approach could be taken for CAPTCHA.

Why anyone would want to remove the Page and Article content-types is beyond me (almost). It simply makes Drupal less end-users friendly. It is easy enough, even for a newbie, to get rid of or not use those content-types.

You conclude that;
"captcha is a fundamental and popular feature [& I consider it the #1 annoyance of the web too! lol] but I would not advocate for it to be in core since today any user can grab it or not grab it."

Does not that logic apply to many modules in the Core? In fact couldn't most modules in the core be removed following this logic? Perhaps they all could be?

The key for me in this is fundamental utility. There are heaps of modules in the core that in my view could/should be stripped out: Forum, Locale, OpenId, Overlay, etc etc. They are simply building blocks to develop a site (and fine modules they are too!). On the other hand, for a subscriber site, anti-spam and anti-bot structures are ESSENTIAL. That's the difference that stares me in the face. To get my site to work at all (ie not to be drowned in spam) I have to have CAPTCHA at the very least. End of Rant :D

By far the best!

Posted by asmit148 on November 16, 2012 at 12:22am

While there are many CAPTCHA solutions out there on the market, the one that does prevent spam, phishing and bots is Confident CAPTCHA. Its secure, intuitive and friction-less for the end user. They are also ran by the top execs in the security space!! Check em out www.confidenttechnologies.com. Its an image based CAPTCHA solution and they also do mobile authentication (see there app in the itunes store confidentnote-its awesome!)

How cho change width or height ?

Posted by kienan91 on October 18, 2014 at 1:02am

Hi ! i used to module reCaptchar , so how to change width and height it ? Thanks

Drupal in Education

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

AltStyle によって変換されたページ (->オリジナル) /