How does CAPTCHAv2 work?
Last Updated: 2009-07-03
CAPTCHAv2 implements the following features:
- Question/Answer based protection against auto submitting programs.
- Presents a new question after an invalid answer
- Will add the user's IP to the server's .htaccess file after checking if the IP is on the whitelist.
- Gives visitors the ability to remove his/her IP from the blocklist in case of "accidental abuse" or if a dynamic IP, which was previously used by a bot, has been reassigned to a good user.
- Bot trap, this can be used by baiting a bot with a hidden link and if the bot follows it the IP will be added to .htaccess.
- Management interface to simply add, remove and modify questions and answers
- Management interface to add,remove, modify, export and import IP addresses cached.
Question Selection:
CAPTCHAv2 has been designed to be easily implemented and to support multiple languages since it stores everything in UTF-8.
Implementation instructions can be found on the "How can CAPTCHAv2 be used to protect a comment form" page.
Whitelist Feature:
The whitelist feature checks if the IP of an abuser should be blocked or if the offending IP should be allowed to continue.
For example if the Google bot triggers the "add to .htaccess" protection on accident then CAPTCHAv2 will retrieve the whois record for the visitors IP from whois.arin.com (example IP 66.249.66.1).
The important part of the whois record looks like this
OrgName: Google Inc.Now CAPTCHAv2 will scan the record for words which will indicate that this IP should not be blocked to prevent the Googlebot from ending up on the blocklist. At this point the IP will also be added to the cache table to speedup the lookup if the same IP triggers the protection again.
OrgID: GOGL
NetRange: 66.249.64.0 - 66.249.95.255
CIDR: 66.249.64.0/19
NetName: GOOGLE
NetType: Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM
The whois lookup function can also detect if Arin does not not handle the IP block and will then attempt to contact the correct whois server to retrieve the record.
No Comments yet .....
Add Your Comment:
Note: All posts require administrator approval. Please allow 24 hours for message approval.