Securing Website Forms with and without CAPTCHA

There are ways to block automated or remote submission of website forms. Having an unsecured form these days is just asking for a few hundred junk emails a week, if not more. There are about 4-5 decent ways of blocking spam and potential “hacker” or intrusive programs from abusing our forms:

1. The most elegant in my opinion, and definitely the least annoying to users, though not a completely secure or “perfect” solution, is currently referred to simply as “Safer Contact Forms without Captcha”. There isn’t really anything tangible to show you a demo of, but an overview of the method can be reviewed here: http://15daysofjquery.com/safer-contact-forms-without-captchas/11/ or here: http://docs.jquery.com/Tutorials:Safer_Contact_Forms_Without_CAPTCHAs (I think this is the original author of this method, but they’re both the same thing).

Two downsides to this approach are:
1. Users must have cookies enabled as well as JavaScript. A teeny tiny number of visitors will not, but we can prompt them with a message.
2. This security concept is based on the current methods that “bad bots” and hacker-programs use, but is by no means actually “securing” anything.

2. Number 2 because it is my second favorite option currently available: Ajax Fancy Captcha jQuery plugin. This one is cutting edge and truly is the best and most realistic way of proving someone is actually a human given today’s software abilities and limitations. A live interactive demonstration of this is here: http://www.webdesignbeach.com/beachbar/ajax-fancy-captcha-jquery-plugin

Two downsides to this approach are:
1. “You don’t want to use CAPTCHA’s in general because you just know that requiring your visitors to read squiggly letters and numbers just to send you a message is going to suppress communication – not encourage it.” – Quoted from the article in option #1 :)
2. This method is the least friendly to handicapped visitors using screen readers, etc. This isn’t a major concern on this project, since we are not required to be Section 508 compliant or anything, but it’s always something we should be conscious of. You never want to dishonor the ADA… ;)

3. Option #3 is very widely used and is actually the industry leader in CAPTCHA solutions in the open-source world. You’ve probably seen and used this at least a dozen times on various websites: http://www.google.com/recaptcha

4. Option #4 is another flavor of CAPTCHA that is a little less “bloated” and has more readable characters, but is less effective than Option #3: http://www.archreality.com/jcap/. I’ve implemented this on one of our client’s websites recently that you can look at: http://www.plansource.com/plansource/contact
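
For option 1, here is a server-side sketch of the kind of check its two downsides imply: a token that only a script-running client fetches, bound to a cookie. This is an added example, not code from the linked tutorials or from this site; the function names, token format and 30-minute lifetime are assumptions.

```javascript
// Added example (hypothetical names): script-fetched, cookie-bound form token.
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32);   // per-process server secret
const MAX_AGE_MS = 30 * 60 * 1000;       // token lifetime (assumed value)

// HMAC over the session id and issue time, so a token only fits one cookie.
function sign(sessionId, issuedAt) {
  return crypto.createHmac('sha256', SECRET)
    .update(`${sessionId}.${issuedAt}`)
    .digest('hex');
}

// Called by the endpoint that the page's script requests after load.
// `cookie` goes out as the session cookie, `token` into a hidden form field.
function issueToken(now = Date.now()) {
  const sessionId = crypto.randomBytes(16).toString('hex');
  return { cookie: sessionId, token: `${now}.${sign(sessionId, now)}` };
}

// Called by the form handler with the cookie value and the hidden field value.
// Returns 'ok' or the reason for rejection.
function verifySubmission(cookie, token, now = Date.now()) {
  // No cookie (cookies disabled) or no token (script never ran).
  if (typeof cookie !== 'string' || typeof token !== 'string') return 'missing';
  const [ts, mac] = token.split('.');
  const issuedAt = Number(ts);
  if (!Number.isSafeInteger(issuedAt) || !mac) return 'malformed';
  const expected = Buffer.from(sign(cookie, issuedAt), 'hex');
  const given = Buffer.from(mac, 'hex');
  // Constant-time comparison; the length check keeps timingSafeEqual from throwing.
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return 'mismatch';
  if (now < issuedAt || now - issuedAt > MAX_AGE_MS) return 'expired';
  return 'ok';
}

// Constructed demo: one normal submission, one with cookies disabled.
const demo = issueToken();
console.log(verifySubmission(demo.cookie, demo.token));  // ok
console.log(verifySubmission(undefined, demo.token));    // missing
```

The `'missing'` result is where the form handler would show the "please enable cookies and JavaScript" message from the first downside. A client that runs scripts and keeps cookies still passes, which is the second downside.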
