Math CAPTCHAs in ASP
The idea of math-based CAPTCHAs has been around for a while, but it still hasn’t caught on much for some reason. Personally, I think the idea of a website asking you to enter the value of 7 + 8 is much less annoying than it asking you to squint and try to make out distorted letters and numbers. Thus, I have put together four ASP math-based CAPTCHA scripts that are freely-available for download and can be used or modified however you see fit. I have outlined the pros and cons of each of the scripts to help you decide which (if any) of them is right for you. Note that all four of these scripts make use of the AspJpeg component though the scripts could easily be modified to work with other components or produce text output.
Arithmetic CAPTCHA
This is the most basic of the math CAPTCHA scripts — it asks the user to provide the answer to a simple arithmetic question (either addition, subtraction, multiplication, or division). The script could easily be modified to ask more complicated questions such as “(12 / 4) + 7 = ?” or “33 = ?”.
Features and Benefits:
- You can select the difficulty of the questions that the CAPTCHA asks.
Downsides:
- If the difficulty is low, most answers will be in the range 1 – 25, which means that a SPAMbot has a decent chance of randomly guessing the correct answer.
Example:
Download:
- Download arithmetic.zip (v1.00 — 5.18kB)
- Test it Online
Dictionary CAPTCHA
Quite a few websites now use CAPTCHAs that display words rather than random letters and numbers, and that is definitely a step in the right direction towards making CAPTCHAs less annoying. One step further though, is to use themed word lists that fit with the content of your website. This script does exactly that; it displays three words randomly selected from word lists that you create.
Features and Benefits:
- Won’t alienate users with no math knowledge.
- Comes with enough math terms to generate over 25 000 unique CAPTCHAs.
- Word lists can easily be customized to fit any website.
Downsides:
- Defeated reasonably easily by OCR software (this could be fixed by adding lines through the image and so on).
Example:
Download:
- Download dictionary.zip (v1.00 — 5.89kB)
- Test it Online
Sequence CAPTCHA
The Sequence CAPTCHA displays a sequence of numbers and asks the user to predict the next number in the sequence. The script generates one of three types of sequences: arithmetic, geometric, or Fibonacci-type. However, you could easily edit the code to generate some really nasty sequences if you dislike the visitors of your website that much.
Features and Benefits:
- It’s reasonably immune to being broken by SPAMbots, unless someone spends a lot of time making a script specifically for your website.
Downsides:
- Unless your visitors are very math-oriented, they will hate you.
Example:
Download:
- Download sequence.zip (v1.00 — 5.41kB)
- Test it Online
Word Arithmetic CAPTCHA
This is a simple twist on the Arithmetic CAPTCHA that replaces the numbers by words and thus asks questions like “Ten × Four = ?”. The questions are slightly easier by default than the questions in the Arithmetic CAPTCHA script.
Features and Benefits:
- Accepts both numeric and word input from the user.
- Quite resilient against being broken by SPAMbots.
Downsides:
- As with the Arithmetic CAPTCHA, a random answer in the range 1 – 25 has a decent chance of being correct.
- Some questions like “Forty Three – Twenty Seven” might scare away certain users. Then again, those may be precisely the types of users that you want to scare away.
Example:
Download:
- Download wordarithmetic.zip (v1.00 — 5.76kB)
- Test it Online
thank you man.
These are very useful
you are great
thank friend
I really like your concept here and I started to use it, however I did find one small glitch that makes is a little unusable.
If you use Firefox the values entered in the form are retained just fine. However, in IE7 and Chrome (didn’t test Safari, but will) when you click the back button the values in all the fields get cleared. If this were a simple form it would only be a nuisance, but if the form has any length it can be very frustrating for the user.
would you give some thought to integrating it so that the script could be called as an include or server.execute and pass the captGuess in a way that each time the script is called it iterates?
If you need an clarification feel free to contact me.
@Greg C
Yes, as provided the script is very bare-bones, but it can be modified to take into account the form blanking problem when the back button is pressed.
I’ll be making an ASP.NET version of the script soon that will take care of this problem pretty much automatically, but to make the current code work as desired, check to see if the CAPTCHA value is correct. If not, redirect the user back to the page with the form on it and pass the data that they entered as querystring parameters. Then on the form page, read in the querystring parameters and have those values be the default values on the form. That way the user never feels the need to press the back button, so things never get cleared.
Alternatively (and this is the method I use live on my site), you could check via AJAX whether or not the CAPTCHA is correct before even submitting the form. If it’s not correct, display a javascript error box. If it is correct, submit the form. That takes a bit more work though (though I’ll likely detail how to do that with the ASP.NET version).
Hello Nathaniel..
I’m trying out your Arithmetic CAPTCHA form, and I must be doing something wrong because the initial form does not display the math question….in IE or Firefox.
@Frank Willbright – I imagine that you don’t have ASPJpeg installed on your server then, so unfortunately this script won’t work for you as-is. You could modify the ASP code to display the CAPTCHA as plaintext then rather as an image, but that may or may not involve more work than you want to put into this.
Hi Nathaniel,
I am not too experienced with ASP (in fact I am not at all:)), and recently I have moved my site from a server who runs ASPJpeg on my own server which does not. I saw that for running ASPJpeg it is necessary to buy a license, therefore I would much appreciate a version of your Captcha with plain text rather than as an image. Am I asking you too much? Thank you anyway.
Hi Dan,
I plan on making a new script with more built-in options like that, but in the meantime, here is what you can do (I will use the Word Arithmetic script as my example, but it works the same for all of them):
1. In createWordArith.asp replace the ShowCaptcha subroutine (lines 143 – 159) with the following code:
Sub ShowCaptcha (scStr, scAns, scColor)
Session (”arithCapt”) = CStr (scAns)
Session (”arithCaptB”) = LCase (Replace (wordArr (scAns), ” “, “”))
Session (”arithTries”) = 0
Response.Write (scStr)
End Sub
2. In wordArithForm.html, on line 45 you will find:
<img src=”createWordArith.asp” width=”425″ height=”23″ />
Replace that with:
<iframe src=”createWordArith.asp” width=”425″ height=”23″></iframe>
I think that should do the trick for you. Be wary when copy/pasting this code, because Wordpress likes to convert regular double quotes into fancy ones that might mess up your code. Good luck!
Thanks, but it does not work. I checked the double quotes, I have increased the height to 63 but in the window appears like text the beginning of file “CreateWordArith.asp”. Try to help further?! Is it possible to do the same for “Arithmetic Captcha” which do not deal with “words” but figures?
@Dan – When you say “in the window appears like text the beginning of file “CreateWordArith.asp””, do you mean that you see the code from the CreateWordArith.asp file? If so, then your server does not support (or is not currently configured to run) ASP documents.
And yes, you can change the Arithmetic Captcha in the exact same way to make it output text — just change the ShowCaptcha function as I described earlier, and then change the <img> tag to an <iframe> tag in the HTML file.
If you still have trouble, could you perhaps copy and paste the text that appears in the iframe into your next comment?
I am running on a Windows 2003 server which host my site which is in .asp (unfortunatelly, the site was designed by somebody else and I am trying only to patch it because I am not an expert). I am sending you an email with both a screen copy and the patched asp and html files.
I fix it Nathaniel. Thank you so much and be happy
finnaly a server-side captcha that actually works!!! thanks man!
nathaniel
this is a great idea for a captcha. I am not very familiar with asp other than installing scripts, etc. where in your script would I enter an email address for the form to post to?
thanks