Stop Spam Bots with the HTML Encoded Captcha (HEC)

If you own a site where users can participate in a discussion or share their opinions (forums, talkbacks etc) you probably had to deal with spam bots. Even with a standard Captcha many scripts are able to crack it and post a spam message on your site.

In an attempt to prevent this annoyance I created a new kind of Captcha that presents an unsolved challenge to the bot's programmers. What I did was to encode the Captcha image into HTML. By doing so I gave the bots programmers a few new challenges:

The Captcha is no longer an image and therefore not a resource they can download and process.
The owner of the site can change the properties of the Captcha's HTML, making it unique, and by doing so add another layer of complication for the bot to crack.
In an ideal demo, the Captcha would integrate seemingly with the page's HTML and will make it very hard to tell apart, therefore make it extremely hard for a bot to detect it.

The project is released under the GPL license and is based on the b2evo captcha.

You can download the source here.
Instructions about how to easily integrate it into phpBB can be downloaded here.

Please note: HECs are quite heavy and I didn't add a mechanism against Dos attacks. This is a proof of concept and not a complete solution since my main focus is on Omgili. I apologize for the inconvenience.

If you decide to use the HEC I highly recommend adding some kind of a mechanism to prevent multiple requests from a single user.

Find discussions about Captchas with Omgili

Good luck,
Ran Geva
Omgili - Find out what people are saying