www.zeroonezero.com

Lyla ColdFusion AJAX CAPTCHA

Wednesday, May 7th, 2008

Recently, I have implemented a CAPTCHA system on a form using LylaCaptcha. A CAPTCHA is a type of challenge-response to test whether or not a user is human. The CAPTCHA generates an image with distorted text for the user to decipher.

I modified the CAPTCHA to work on static HTML pages and I also implemented additional encryption on top of the hash function. The first thing I did was upload the captchaService.cfc and the captcha.xml into a directory called captcha from the root path of the site. Then, I added the following to the application variable:

<!--- Initialise the CAPTCHA service once per application. Note: any visitor can force a re-init by adding ?reinit to the URL. --->
<cfif isDefined("URL.reinit") OR NOT isDefined("application.init")>
    <cfset application.captcha = CreateObject("component","captcha.captchaService").init(configFile="/captcha/captcha.xml")>
    <cfset application.captcha.setup()>
    <cfset application.init = true>
</cfif>
<!--- Make sure every session has a captchaHash slot (an empty string) before it is read. --->
<cfif not isDefined("session.captchaHash")>
    <cflock scope="Session" timeout="120" type="exclusive">
        <cfset session.captchaHash = "">
    </cflock>
</cfif>

I then created a script called setcaptcha.cfm, which sets the session.captchaHash and outputs the value for the hash value encrypted with the ColdFusion crypt function to the JavaScript XMLHttpRequest object. Once the readyState is equal to complete or 4, the JavaScript outputs the CAPTCHA image into the HTML, passing the encrypted hash value to another script which displays the image by decrypting the hash value then passing it to the Lyla function that streams the image. Lastly, if the form is processing, then I validate the entered text with the session.captchaHash value with the following function:

application.captcha.validateCaptcha(session.captchaHash,form.textValue)


Posted in Programming, Tyler
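
The token round trip described in the post above, modelled in Node.js as an added example (not code from the post or from LylaCaptcha). All function names are hypothetical, AES-256-GCM stands in for the ColdFusion encryption step, and an in-memory map stands in for the CAPTCHA service; it goes one step beyond the post by discarding the hash after a single validation attempt.

```javascript
// Added example: models the post's token flow in Node.js. All names are hypothetical.
const nodeCrypto = require('node:crypto');

const KEY = nodeCrypto.randomBytes(32);   // server-side secret, never sent to the browser
const challenges = new Map();             // stand-in for the CAPTCHA service: hash -> text

// Encrypt the hash reference so the browser only ever sees an opaque, URL-safe token.
function sealHash(hash) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', KEY, iv);
  const body = Buffer.concat([c.update(hash, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]).toString('base64url');
}

// Decrypt a token; returns null if it was altered or is not one of ours.
function openHash(token) {
  try {
    const raw = Buffer.from(String(token), 'base64url');
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// setcaptcha step: create a challenge, remember its hash in the session, return the token.
function setCaptcha(session, text) {
  const hash = nodeCrypto.randomBytes(16).toString('hex');
  challenges.set(hash, text);
  session.captchaHash = hash;
  return sealHash(hash);
}

// Image step: only render for a token that decrypts to this session's current hash.
function imageTextFor(session, token) {
  const hash = openHash(token);
  return hash && hash === session.captchaHash ? challenges.get(hash) : null;
}

// Form step: compare against the session's hash, then discard it so it cannot be replayed.
function validateCaptcha(session, entered) {
  const expected = challenges.get(session.captchaHash);
  challenges.delete(session.captchaHash);
  session.captchaHash = '';
  return typeof expected === 'string' && entered === expected;
}
```

On the browser side, the token should be passed through encodeURIComponent before it is placed in the image URL.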

To CAPTCHA a Predator

Wednesday, April 30th, 2008

In the past six months we have noticed a distinct increase in website form spam — forms that are filled out with junk content in them and submitted.

What causes this problem are bots — small programs, like search engine spiders, that can read and traverse websites. Unlike spiders, these programs have malicious intent, be it just to cause vandalism, to create links to websites, or worse still, to attempt to hack an unsecure form-mail system. These predatory programs can submit hundreds of forms a minute and not only cause chaos to your inbox, but slow down your server and website at the same time.

The solution is to make the form unsubmittable by a bot. This is achieved by adding a “CAPTCHA”, which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.” You have probably seen these hundreds of times and not realized what they are for. The most common type is an image CAPTCHA, which looks like this:

image CAPTCHA

You then type in what you see, and the form therefore knows you're not a bot and allows itself to be submitted. Here at DDA, we use these standard image versions but we have also introduced our own simple math equation version too.

As part of our website design standards, and thanks to our top notch programming team, all future forms for our clients will be built using some form of CAPTCHA system. But not resting on our laurels, as always, our team of expert website designers will keep a constant lookout for whatever future chaos spam artists try to throw at us next, and be sure we will be able to combat it just as effectively.


Posted in Mick, Search Engine Marketing
