> Linux > HKCaptcha

HKCaptcha - yet another PHP Captcha implementation

With clutter
Random letters

Random letters

Random letters

Distortion only
Random letters

Random letters

Try the Demo page

Yet another captcha implementation in PHP. This one is written with the current state of captcha-defeating research (as of 2007) in mind. Apart from a mathematical letter distortion algorithm that is more than just rotating the letters (just like on the big websites such as Google and Yahoo), the clutter is designed to make segmentation of the image into separate letter glyphs hard to do automatically. Finally, the images contain the name of the originating website to discourage re-using them on porn sites.

If you think this is paranoid, then check out the following references:

For more general information, see Wikipedia.


I host a forum that is run by somewhat obscure forum software (PunBB, run by about 700 sites in the world). Everything was fine for a few months until I got flooded by forum spam in May 2006. Each post originated from a different IP address, which made IP blacklisting unfeasible. After I introduced this captcha, I could see in my log files that it blocked 158 attempts to spam the forum during the first two weeks, so I consider it quite effective..


PHP GD and truetype library (these are normally installed by webhosting providers. Otherwise look for the package php-gd) You will need to know some PHP in order to adapt your forum or guestbook software.


The PHP script 'captcha-image.php' will generate a PNG with a distorted five-letter code. The code is stored into the PHP session variable $_SESSION['captcha_string']; see the examples example.html and verify.php.

You may want to change the settings at the beginning of 'captcha-image.php'.

The distortion algorithm is computationally intensive and PHP is not exactly suited for that job. It may take a second or so of CPU time to generate an image. This should not be a problem on small sites.

You can have a look at the php source code. After all, CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart", i.e. the effectiveness does not depend on the source code being secret. :-)


The PHP script is copyright Han-Kwang Nienhuys, but may be distributed freely, including inclusion in other free or commercial PHP software packages, provided that the license information in the PHP script is preserved. I included a free truetype font, that may be distributed under the restrictions outlined on


hkcaptcha-20081112.tar.gz (40 kB)


20060611 - first public version
20061228 - with distorted circles instead of lines. Script not published.
20070620 - new distortion algorith, smoother character shapes.
20080226 - Fixed caching issue with back button in Firefox. The image is now reloaded even if the page is revisited with the Back button.
20081112 - Rewrote license text because of confusion.
Rate Script!

Laatste wijziging: 12 Nov 2008   Copyright