HKCaptcha - yet another PHP Captcha implementation
Yet another captcha implementation in PHP. This one is written with the
current state of captcha-defeating research (as of 2007) in mind. Apart from
a mathematical letter distortion algorithm that is more than just rotating
the letters (just like on the big websites such as Google and Yahoo), the
clutter is designed to make segmentation of the image into separate letter
glyphs hard to do automatically. Finally, the images contain the name of the
originating website to discourage re-using them on porn sites.
If you think this is paranoid, then check out the following references:
For more general information, see Wikipedia.
I host a forum that is run by
somewhat obscure forum software (PunBB, run by about 700 sites in the
world). Everything was fine for a few months until I got flooded by forum
spam in May 2006. Each post originated from a different IP address, which
made IP blacklisting unfeasible. After I introduced this captcha, I could
see in my log files that it blocked 158 attempts to spam the forum during
the first two weeks, so I consider it quite effective..
PHP GD and truetype library (these are normally installed by webhosting
providers. Otherwise look for the package php-gd) You will need to know some
PHP in order to adapt your forum or guestbook software.
The PHP script 'captcha-image.php' will generate a PNG with a
distorted five-letter code. The code is stored into the PHP session
variable $_SESSION['captcha_string']; see the examples example.html
You may want to change the settings at the beginning of
The distortion algorithm is computationally intensive and PHP is not
exactly suited for that job. It may take a second or so of CPU time to
generate an image. This should not be a problem on small sites.
You can have a look at the php source code.
After all, CAPTCHA stands for "Completely Automated Public Turing test to
tell Computers and Humans Apart", i.e. the effectiveness does not depend on
the source code being secret. :-)
The PHP script is copyright Han-Kwang Nienhuys, but may be distributed
freely, including inclusion in other free or commercial PHP software
packages, provided that the license information in the PHP script is
preserved. I included a free truetype font, that may be distributed under
restrictions outlined on gnome.org
hkcaptcha-20081112.tar.gz (40 kB)
20060611 - first public version
20061228 - with distorted circles instead of lines. Script not
20070620 - new distortion algorith, smoother character shapes.
20080226 - Fixed caching issue with back button in Firefox. The image is now reloaded even if the page is revisited with the Back button.
20081112 - Rewrote license text because of confusion.