We’ve said it again and again – text CAPTCHAs don’t work.

Despite this, some of the biggest companies on the internet still rely on them – for example, AOL. We noticed they were relying on a simple text CAPTCHA to guard their sign-up process and felt we needed to put it to the test.

Unsurprisingly, and like every other text CAPTCHA today, it failed to prevent automation.

AOL___Sign_Up_croppedAOL’s text CAPTCHA in action.

Why does this CAPTCHA, and many like it, fail to protect websites like AOL? It’s simple: because they’re so easily broken by anyone who is interested in doing so.

Simple thresholding algorithms can remove the background noise and then you can run the text through an Optical Character Recognition engine. By doing this users with malicious intent can automate sign-ups and flood forums/websites with spam.

Before

before_text_captcha

After

unnamed2

Once you run OCR over the image, you get something similar to the following image, where you can simply select the text from the image:

aol_cap_highlight

The software required to do all of this is easily available (we won’t be linking it here). For security purposes, this just isn’t acceptable.

If this sort of security is so unreliable, why then do websites (even some of the biggest in the world), still rely on it? It’s simple: for the last decade, there had never been a reliable CAPTCHA alternative that didn’t annoy users. FunCaptcha was born out of this necessity for innovation.

The CAPTCHA is a technology that is solved almost 300,000,000 times daily. FunCaptcha both streamlines this process for real humans but doesn’t sacrifice security. For unreliable security assets to be phased out, large brands and companies must lead the way in advocating change and FunCaptcha is the viable CAPTCHA alternative that can be that change.

Get FunCaptcha

FunCaptcha streamlines the CAPTCHA experience all over the Internet – so we streamlined our install process as well. We’ve given the FunCaptcha API an overhaul, simplifying the experience and making it even easier to get up and running on your website.

FunCaptcha-API

You’ll be able to find the API at our Setup page as the “Standard (Recommended)” option, pictured below. It’s the default option that we suggest you use as it speeds the process up and allows a faster installation.

First: insert the code seen below into the relevant area on your site.

funcaptcha-setup

Second: select the backend language relevant to your website and perform the required steps. Below is the PHP process.

FunCaptcha-API-setup

That’s it! It’s important to note that on some websites, depending on what they’re built with, using the relevant plugin might be your best option for installation. We support the top CMSes including WordPress, Drupal and Joomla! as well as many forum software options, including vBulletin and XenForo. Have a look through our plugin list to find which one you need.

If you have any queries or just need a helping hand getting installed, don’t hesitate to Contact Us – or use the Live Chat at the bottom right of your page!

We pride ourselves on being CAPTCHA experts. It’s what we do, so we try to keep up with emerging industry trends as much as possible.

With this in mind, it’s with amusement (and concern) that we’ve noticed an interesting trend on Twitter this week. It appears that reCAPTCHA’s “No CAPTCHA” challenge has replaced the “check box” solution by instead resorting to a #CABBAGE test.

Why cabbage? Are cruciferous vegetables now a secret weapon to fight spammers? The hidden algorithms must have settled on this green leafy vegetable for a reason…

What we are certain of is that the challenges presented are hard. Have a look for yourself and see if you can pick the cabbage, and only the cabbage!

ReCAPTCHA Cabbage

To get a picture of just how often this is happening, simply scroll through the Tweets about reCaptcha cabbage.

The idea of a simple “tick the box” CAPTCHA solution, in theory, was great. The problem arises when more and more people start to get presented with the second step involving ambiguous images.  This is reminiscent of the same major usability issue that the original reCAPTCHA had – auto-generated challenges are often too difficult for humans to solve. When the object of the test is to easily advance humans, but stop bots – you simply must provide a challenge that is easy for humans, or site usability & conversion suffers.

But who are we to argue with innovation? To stay ahead of the game it was obvious that we needed our own super-food version of human verification.

So behold, the FunCabbcha. You’re welcome Internet.

Click Verify to play #FunCabbcha and prove you’re not a Cabbage.

NowSupporting-DrupalJoomla

Our aim is to be the premiere CAPTCHA alternative and what better way to do that than by providing a plugin for two of the most popular Content Management Systems available? Joomla and Drupal have both made a name for themselves with their easy to use formats and extensibility, with millions of websites already relying on both.

Installing FunCaptcha onto either CMS is a breeze, with detailed instructions via our setup page. So, if you’re creating websites using Joomla! or Drupal and needing a CAPTCHA alternative for your outdated CAPTCHA – we’re ready and waiting!

About Joomla!

Joomla is an award-winning content management system (CMS), which enables you to build Web sites and powerful online applications. Many aspects, including its ease-of-use and extensibility, have made Joomla one of the most popular CMS’ available. Best of all, Joomla is an open source solution that is freely available to everyone.

About Drupal

Drupal is open source software maintained and developed by a community of over 1,000,000 users and developers. It’s distributed under the terms of the GNU General Public License (or “GPL”), which means anyone is free to download it and share it with others. This open development model means that people are constantly working to make sure Drupal is a cutting-edge platform that supports the latest technologies that the Web has to offer. The Drupal project’s principles encourage modularity, standards, collaboration, ease-of-use, and more.

Our founder and CAPTCHA expert Matthew Ford elaborates on what spam posting is, how massive companies like Blizzard still suffer from it and how these websites can stop it – not with annoying letters (or secretive black boxes), but with skill.

FunCaptcha is the only company dedicated to providing an interactive and engaging mini-game style CAPTCHA service that also completely stops spam posting. We can even generate revenue – if you’re into that sort of thing.

Watch the above, try us out or even sign-up from our homepage in a few easy steps.

Did you know that FunCaptcha is the only company in the world that is 100% focused on improving human verification via CAPTCHA? We really are the CAPTCHA experts!

With great power comes great responsibility, so one of our founders, Matthew Ford has taken it upon himself to solve the world’s CAPTCHA problems one video at a time.

First up, he explains a topic we’ve briefly touched on: why and how bots are getting through traditional text CAPTCHAs – a problem that’s easily solved by switching to FunCaptcha.

On Saturday morning, Matt Ford and I visited the place where FunCaptcha was first envisioned – Startup Weekend at River City Labs. It’s a great event where entrepreneurs can create a business in one weekend with the guidance of investors, mentors and experienced developers.

Whilst there, we were lucky to meet Australia’s Prime Minister, Tony Abbott! The PM was visiting the competition in an effort to better understand startups, their culture and the importance of their success for Australia’s economy.

Founders Kevin Gosschalk and Matthew Ford meeting with Prime Minister Tony Abbott

We spoke at length with Mr Abbott about how we’re protecting websites internationally and generating revenue for publishers who integrate our CAPTCHA software. He was intrigued with FunCaptcha’s unique gamified approach to security and loved hearing that federal initiatives like Entrepreneurs’ Infrastructure Programme and Accelerating Commercialisation have helped to establish our business.

We’re glad that the government is increasing focus on assisting the startup community. Because without receiving such help, and assistance from forward thinking investors like Richard Moore & Bruce Stubbs at R&R Strategic – our journey as a startup would have been much more difficult. I’m humbled by the level of success my team at FunCaptcha has achieved so far and feel that more innovative Australian startups deserve the same opportunities.

So thanks Tony, it was great to meet you. And thanks to everyone that continues to contribute to the FunCaptcha story.

Kevin Gosschalk
Co-Founder & CEO

If you’ve used the Internet for any decent amount of time, you’ve probably seen or experienced “spam”. It may have been as a forum moderator, a user or even as the owner of a website. Nearly every internet user at one point has experienced or seen “spam”. But what exactly IS “spam”?

internet-spam

Many believe spam is just unwanted emails that are banished to the “junk” folders of their inboxes. This isn’t entirely true: spam emails are actually a small part of what makes up a much larger definition. Internet communities, a.k.a “forums”, are often the biggest targets for “spammers”. This is because millions of internet users all over the globe use them every day. It’s a big problem and even the biggest companies in the world can be at the mercy of persistent spammers. For example: Battle.net, Blizzard’s online gaming portal and community hub, has been seeing a large spike in spam, as you can see below.

battlenet_spam_forums

Blizzard’s English Hearthstone community under siege from Korean spammers.

Spammers, like those pictured, have one goal: get their unsolicited information in front of you by any means necessary. They’ll use software to break through bad CAPTCHAs, bots to automatically fill up petitions and even use software to auto-vote on community ballots. There’s a big difference between honest marketing and advertising practices and the malicious acts spammers carry out every day.

Paying to have your brand’s advertisement occupy the banner of a website? Great! It’s the same as a billboard: it’s a space dedicated to advertising a product and if done correctly, doesn’t intrude on a user’s experience.

Making thousands of fake accounts and completely filling up a forum’s message boards, effectively rendering them useless? Not great. It means the community can’t act as a community should, the forums begin to lose their user base and a community hub without a community is pointless.

This is one of the major reasons FunCaptcha exists today. We aim to protect communities all over the world from spammers and their nasty ways. We love participating in communities, so why would we want to see them filled with malicious links, fake ads and unsolicited offers?

uber-petition-hack

On the 20th of June, an anonymous person decided to “break” Uber’s petition site. They then automated a process which resulted in over 100,000 fraudulent signatures in under 3 hours, effectively rendering the petition useless. The second step could have been avoided if they were using FunCaptcha.

It’s important to note that the first step, the actual breaking of the website through code exploits, isn’t something FunCaptcha (or any other CAPTCHA service) is designed to prevent. The information fields (First Name, Last Name etc) accepted any form of input. This allowed the anonymous vigilante to break the web page and even direct future visitors to Uber’s competitor, Lyft. Not cool right?

The perpetrator then listed what other malicious acts could be carried out through exploitation of the weakness:

Screen Shot 2015-06-23 at 2.28.57 pm

Pretty serious stuff. However, this post isn’t about the HTML exploits. Instead, we’re looking at how 100,000 signatures were signed up within 3 hours because the petition didn’t have anything in place to verify if that the signatures were submitted from a genuine source.

This is something FunCaptcha specializes in: we ensure that all activity through petitions, contact forms and surveys is genuine. If it isn’t, websites start to see Non-Human Traffic, which skews the results, leading to uninformed decisions and a misunderstanding of what your users or fans want. No-one, especially businesses, likes to waste their time and money – but without a secure method of verification, that’s exactly what happened to Uber in this case. Don’t worry Uber, we still love your friendly drivers and minty refreshments.

Simply put: if you plan on setting up a petition, a contact form or a survey – use FunCaptcha and avoid the headache that spammers cause. It’s why we’re the CAPTCHA of choice on Care2.com, one of the world’s largest petition sites.

Incoming Bot

The purpose of a CAPTCHA is simple: protect a website from malicious attacks (i.e. spammers) by being difficult/impossible for bots but easy enough to let humans through. But what happens when the most commonly used CAPTCHA service can be solved with 97%+ accuracy by the very bots it was designed to beat?

For over a decade, text based CAPTCHAs have been the popular choice for this task. They grab a word (usually English), warp it into a shape not commonly seen and then ask users to type the words they see. Some text CAPTCHAs even use a random assortment of letters and numbers in an attempt to hinder the bots even more. The issue? Programs that utilize Optical Recognition Software, known as OCR, read the distorted text and allow bots through to websites that relied on the security service to prevent that very thing happening.

recaptcha-distorted-text

This, unfortunately, is a common problem. By design, text CAPTCHAs have a shelf life – in order for them to remain difficult for bots, they have to become increasingly harder for humans. It appears that we’ve reached the ceiling for text CAPTCHA effectiveness, which is a big motivation for our creation of FunCaptcha.

The internet was built on innovation and that’s exactly what we’re doing with FunCaptcha – innovating an area of web security that sorely needs it.

Update: watch co-founder and CAPTCHA expert, Matthew Ford, go into detail on this topic in our new video series!