CAPTCHA, Captcha Pack, reCAPTCHA
Submitted by David Herron on Wed, 2007-12-05 22:48
A Captcha is a method of displaying something readable to a human being, but which a computer program is unable to read. The human being is then instructed to enter that information into the web page. The web page software then can check what the human enters, and if the entered value matches then the software can be assured it was a human being. It's a kind of reverse Turing test. In order to verify that a request is from a human being, and not from a spambot, the software presents a challenge which a human is likely to successfully answer, and which is likely to confuse a spambot. The Drupal CAPTCHA module is pretty simple to install and is much better than previous CAPTCHA choices for Drupal. The original CAPTCHA module was very inflexible, though effective. It has undergone a period of redesign to make a very nice and flexible system. During the interim period a solution named MyCaptcha was made available, and which I disrecommend in favor of the new and improved CAPTCHA.
InstallationUnpack the module in your modules directory. In the modules admin page, enable the Captcha module and any other Captcha modules which show up. The base Captcha distribution comes with a couple included Captcha types. You may want to also install the Captcha Pack or the reCAPTCHA system. You can also unpack these modules and enable them at this time.
Configuring the basic Captcha systemYou will find CAPTCHA in the 'User Management' section of the admin page. The new and improved CAPTCHA system supports multiple captcha types. The stereotypical Captcha type is an image into which some text is rendered. An image containing text cannot be easily read by a computer, because it means capability for optical character recognition. To make an OCR attack harder Captcha software usually mutates the text. But the harder you make it for computers to use OCR to read the text from the image, the harder you make it on your humans to do likewise. The Drupal CAPTCHA system offers more types than image captcha's. Out of the box it supports math captcha's where the user is asked to perform a simple math operation, and image captcha's. You select for each 'form' what (if any) captcha to use for that form. 'Form'? What this issue boils down to is, at any point Drupal asks for input from a human, do we or do we not want to at the same time verify that the input was given by a human? Input into a web application is through a 'form', and therefore it's necessary to consider adding humanity-verification to each form in the system. In the image captcha type there is some further configuration to perform. Image captcha's involve drawing text, and to draw text one must have a font to draw. But getting a font is non-trivial because few (or none) are open source in the way required by the Drupal community. However Yahoogle is your friend, and searching for "free truetype fonts" turns up several websites with freely downloadable fonts to use. Simply download one or more of them into
captcha/image_captcha/fonts/and the Image Captcha module will immediately recognize them. In the image captcha settings you have several options controlling how badly the text is skewed and mangled. Again, there is a tradeoff between making it hard on the computer and making it hard on the human. There is software out there that can read image captcha's and fool the captcha system. The things which (I think) will make it hard(er) for this software is to use an unexpected font, and to add noise and distortion. But some of the 'weird' fonts which would make it hard on a computer to decode, also make it hard for the human to decode. Fortunately the module provides lots of settings to tweak to your desire.