|Think about Loose Coupling
Re: howto: Perl CGI, image with random scewed text for account creationsby hacker (Priest)
|on Mar 13, 2007 at 03:16 UTC
The image issue is a bit at odds with Section 508, especially for blind or deaf users of your site.
I personally like the way Drupal solved it with a captcha alternative (which I use on two of my websites).. they just ask a simple math question in a form, offering an image as an alternative (admin can toggle).
My personal favorite would have to be the one I saw a few years ago (image-based, though you could make it text) that asked you to pick the one item that did NOT match the other 3. You'd be shown 3 fruits and a monkey for example.
You could also go with a multiple choice kind of captcha, like "I like to read a ______ when I relax" and your dropdown could include things like "hat", "apple", "book", and so on.
You could try to put something in session when a GET request is made and when a form is submitted you check the session for that variable. You'd use this to filter out badly-written bots that submit POST requests directly without requesting the parent page first. This is easily defeated by bots that behave like a web browser, however.
Lots of ways to go about it, I'd stick with a text-based one to start, and make it reasonably complex enough not to be easily "guessed".