The ASP CAPTCHA Project
version 0.1
--------------------------------------------------------
What is CAPTCHA ?????
CAPTCHA is an acronym for "Completely
Automated Public Turing Test to Tell Computers and Humans Apart".
As the name suggests, it's a test to distinguish the degree of being human. As
defined on the CAPTCHA home page at the Carnegie Melon University School of
Computer Science's Web site:
CAPTCHA is a program that can generate and grade tests that:
• Most humans can pass.
• Current computer programs can't pass.
--------------------------------------------------------
The ASP Implementation !!!
(*) This ASP implementation uses 2 libraries for generation of Captcha's
[*] GD by Thomas Boutell., GD is copyright 2005 Boutell.com, Inc.
[*] ActiveX Wrapper for GD by Trevor Herselman in his code
http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=9202&lngWId=4
(*) Here GD library., bgd.dll is deployed in WINDOWS/SYSTEM32 directory
(*) Then the ActiveX wrapper is compiled as GDLibrary.dll and DLL Registration using regsvr32 is done.
[note] Compiling the ActiveX may have some issues like ADO Dependencies., As originally the ActiveX wrapper references Microsoft ActiveX Data Objects 2.8 Library. But it works well with Microsoft ActiveX Data Recordet 2.7 Library.
[note] The ActiveX may need a reference to Microsoft ActiveX Data Objects 2.5 Library also.
(*) Then the ActiveX wrapper is compiled and DLL Registration using regsvr32 is done.
(*) Then Create a folder 'Captcha' in 'wwwroot'., then copy the .asp files there and point your browser to the index.asp
--------------------------------------------------------
Implementation Examples
(*) This ASP implementation has 4 types of Captcha's
[1] Captcha Type 1 -- Only Numbers
[2] Captcha Type 2 -- Only Alphabets
[3] Captcha Type 3 -- Alphanumeric
[4] Captcha Type 4 --
Alphanumeric with other Symbols
--------------------------------------------------------
Captcha Application
CAPTCHA TESTS have several
applications for practical security, including (but not limited to):
Online Polls: In November 1999, http://www.slashdot.com released an online poll
asking which was the best graduate school in computer science (a dangerous
question to ask over the web!). As is the case with most online polls, IP
addresses of voters were recorded in order to prevent single users from voting
more than once. However, students at Carnegie Mellon found a way to stuff the
ballots using programs that voted for CMU thousands of times. CMU's score
started growing rapidly. The next day, students at MIT wrote their own program
and the poll became a contest between voting "bots". MIT finished with 21,156
votes, Carnegie Mellon with 21,032 and every other school with less than 1,000.
Can the result of any online poll be trusted? Not unless the poll requires that
only humans can vote.
Free Email Services: Several companies (Yahoo!, Microsoft, etc.) offer free
email services. Most of these suffer from a specific type of attack: "bots" that
sign up for thousands of email accounts every minute. This situation can be
improved by requiring users to prove they are human before they can get a free
email account. Yahoo!, for instance, uses a CAPTCHA test of our design to
prevent bots from registering for accounts.
Search Engine Bots: It is sometimes desirable to keep web pages unindexed to
prevent others from finding them easily. There is an html tag to prevent search
engine bots from reading web pages. The tag, however, doesn't guarantee that
bots won't read a web page; it only serves to say "no bots, please". Search
engine bots, since they usually belong to large companies, respect web pages
that don't want to allow them in. However, in order to truly guarantee that bots
won't enter a web site, CAPTCHA tests are needed.
Worms and Spam: CAPTCHA tests also offer a plausible solution against email
worms and spam: "I will only accept an email if I know there is a human behind
the other computer." A few companies are already marketing this idea.
Preventing Dictionary Attacks: Pinkas and Sander have also suggested using
CAPTCHA tests to prevent dictionary attacks in password systems. The idea is
simple: prevent a computer from being able to iterate through the entire space
of passwords.
(Excerpts from http://www.captcha.net/)
--------------------------------------------------------
Final Words
I would like to thank Mr. Trevor Herselman for his ActiveX Wrapper and Mr. Thomas Boutell for his great GD library. Without them this Project is nothing.
I owe you one :-))
--------------------------------------------------------
About Me
Im Shyam Sundar C S from Coimbatore., Tamil Nadu, India. Im studying BE Computer Science and Engg. I mostly play with programming in my computer.
--------------------------------------------------------
Contact NFO
Email: csshyamsundar AT yahoo DOT ie or csshyamsundar AT msn DOT com or csshyamsundar AT gmail DOT com