Captcha - a common way to fight automated submissions

Our days computers and Internet have evolved to the point when software tools ( such as standalone programs or web scripts ) can perform automated task on the web, such as navigating from website to website ( spiders ) filling and submitting web forms.

This task was difficult many years ago, and people did not thought much about it back then. But now, with the increasing amount of SPAM and the advanced script languages, many hackers and spammers are writing and using scripts to automatically fill and submit forms.

Many sites ( all the major ones ) are using a way to block automated submissions that is constantly growing in popularity: CAPTCHA.

A CAPTCHA (an initialism for "Completely Automated Public Turing test to tell Computers and Humans Apart", trademarked by Carnegie Mellon University) is a type of challenge-response test used in computing to determine whether or not the user is human.

A common type of CAPTCHA requires that the user type the letters of a distorted image, sometimes with the addition of an obscured sequence of letters or digits that appears on the screen. This usualy ensures that only humans can enter the correct answer, because is difficult ( but not impossible! ) for machines to extract the letters and digits from the image.

CAPTCHAs are common used expecially on web forms, where the user is about to enter some sort of information, such as an URL, a comment, a post, or to signup for some service, this will prevent automated software from performing actions such as: posting to blogs or forums, doing a large number of junk automated submissions, signups.

CAPTCHAs are by definition fully automated, requiring little human maintenance or intervention in administering the test. This has obvious benefits in cost and reliability.

How Captcha Works.

The website needs to generate a new, unique captcha image every time the page containing the web form is visited; this image will NOT contain the letters and digits in any part of the html code of the page. A common mistake of captcha images is to contain the code displayed also in the filename of the image ( ex. , where SAQSKO is the code that must be entered by the visitor ).
The Captcha images are generated by a script ( usualy made in PHP ) which choses a Random string of letters and digits, a random font ( out of several ), and some random noise to be displayed on the image, and then creates a new image with these.