Connect the Dots CAPTCHA

Remember the game Connect the Dots we used to play as kids? It was fun and easy and you could color the pretty bunny after you were done.
This gave me an idea – a computer program doesn’t know how to play Connect the Dots very well unless it’s programmed to do just that. A computer program meant to crack normal CAPTCHAs would simply start listing the numbers appearing near the dots as the solution and be done with it.

To the left of this text you can see the output of a little program I created in a couple of hours. Given the dot coordinates for letters (on a 4×5 grid), it creates bitmaps of words from said letters. For you and me, it might take a few seconds to realize what connecting the dots gets you, but for a computer program it’s extremely hard. Add a few extra difficulties like most of today’s current CAPTCHAs have (geometric shape underlays/overlays, distortion, noise, font changes, etc.) and the fact that no CAPTCHA breaking program would expect it and you might get an (almost) unbeatable CAPTCHA.

If I only could, I’d embed it in my own weblog because comment spam here is horrible.

Advertisements

3 thoughts on “Connect the Dots CAPTCHA

  1. Urgh. No, no, no. Captchas are bad enough, but this? I will simply not leave any comment if I have to spend 4-5 seconds working out a puzzle. I’m sorry, but the solution for comment spam is NOT to harass your readers.
    I don’t know about you, but CommunityServer filters out 99.9% of the spam I get on weblogs.asp.net. I get 5-6 “possible spams” a week that I get notifications of, but these are also automatically blocked. I haven’t had a spam message get through since the week after the upgrade. YMMV, but this is certainly not a good solution,

  2. Bayesian filtering and CAPTCHAs are good to a degree. You can see that spammers are already beginning to beat them – just today a comment that was spam didn’t even receive the “possible spam” tag from CS.
    There has to be a way to differenciate between “good” comments and “bad” comments. CAPTCHAs are a big nuisance, I’ll grant you that, but sometimes they are a necessary evil.

  3. Is there really a problem of spambots bypassing CAPTCHAs right now? Or is it just the unprotected blogs that are hit? No need to overcomplicate something that isn’t the entry vector in the first place.
    And I’ll say again – readers will only put up with so much hassle before they’ll simply move on.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s