BotDetect CAPTCHA Generator

BotDetect™ CAPTCHA generator is a form security solution using Captcha challenges, that are easy for humans but hard for bots, to prevent automated page posting. Bots are kept from accessing protected website functionality using generated Captcha images specifically designed to be out of reach of computer vision and OCR technologies. BotDetect also provides an audio Captcha alternative to keep websites accessible to people with impaired vision, enabling you to make WCAG and Section 508 compliant websites.

CAPTCHA Generator Features

BotDetect CAPTCHA Box
  • 60 secure & readable Captcha image styles
  • 20 secure & accessible audio Captcha sound styles
  • Localized Captcha generation, using various Unicode character sets and multi-language sound pronunciations
  • Custom Captcha image size, format, color scheme...
  • Custom Captcha code length, style, character set, timeouts, generated code filtering...
  • Many other randomization & customization options
  • Compatible with various MVC frameworks
  • Supports extra Ajax Captcha validation for improved form usability, through built-in JavaScript functionality and jQuery validation
  • Works in China
  • And it does not stalk your users and visitors

Why BotDetect?

BotDetect Captcha vs. ReCaptcha

The years of Google’s relentless abuses of their organic and paid search monopolies, and the years of their equally relentless campaign of disinformation and FUD about captchas, took a toll among our former competitors -- there are only two viable players left. Ladies and gentleman, this is 'BotDetect Captcha' vs. 'Recaptcha the Stalker' fight. Please take your seats.

That said, the original Nocaptcha Recaptcha stalker is gone, too. Recently, Google euthanized it.
BotDetect Team: OK Google, the Stalker was neither a captcha, nor was it thwarting bots well.

It is replaced with an even creepier stalker that does not even pretend it is a captcha any more -- aside from keeping the variant of the same misleading name -- the Invisible Recaptcha.
BotDetect Team: OK Google, the Invisible Stalker, we got it. Good luck with that :).

Let's see how we stack up against each other:


The Stalker's audio is broken again :)!
We are not surprised. How about you?

'Whatever Google has in mind to replace its reCaptcha had better be ready soon: ...'

unCaptcha: A Low-resource Defeat of reCaptcha's Audio Challenge

85.15%, in 5.42s! The stalkers learned nothing out of that 2017/03 breach of Recaptcha audio.


Vicarious broke Recaptcha, BotDetect, Yahoo and PayPal captchas.

Vicarious , funded with $134m, couldn't find anything more useful to do. The Timewasters :)!

Brace yourself for a few 'spamfix' releases coming out in rapid succession. Vicarious' timewasters opened the new patching season; the first one after 2006. Sorry, c'est la vie :(.


Recaptcha the Stalker audio cracked!

This time around with a little help from Google's own Speech Recognition API :)


Recaptcha broken by Columbia Uni Trio!

Automatically solved 70.78% of the time through what looks like multiple inherent design flaws. This is the biggie that is going to haunt Recaptcha for years to come.

1) BotDetect Is Secure

BotDetect is unique among Captcha generators in offering many Captcha image and sound styles. While each of them is easily comprehensible to human users, randomly using multiple Captcha generation algorithms makes the generated Captcha challenge extremely difficult to pass automatically.

This approach to Captcha security is validated by the BotDetect track record: since 2004, we have over 3000 paying customers and only a single confirmed case of automated Captcha breaking by ordinary spammers.

2) BotDetect Works in China

BotDetect Captcha works in China -- while Recaptcha does not!

With its 1.3B people China has approximately 20% of the world population and outputs like 16% of the world GDP. The size of China's economy is second only to the size of the US'.

Even if you do not actively target the Chinese market, the chances are that some of your visitors, users, and customers sometimes venture or even reside there. It helps not having Recaptcha breaking your website for them.

However, if you, or your users, do target the Chinese market, making your website fully functional for the visitors from China should be one of the top items on the 'minimum requirements' check-list. Make sure to check it!

3) BotDetect Is Multinationals Friendly

With more than a hundred world languages already supported in the code, and 53 different audio localizations being just a download away, BotDetect Captcha will ensure that your interaction with every local market is done to that particular local market's familiar combination of script and language.

2018/02/15: BDC PHP v4.2.0

2018/02/15: BDC Java 4.0.Beta3.2

2018/02/15: BDC ASP.NET 4.2

2018/02/15: All Technologies

  • Fixed IOS 11.0.2+ audio issues

4) BotDetect Lets You Meet Regulatory

Recaptcha is a 3rd-party stalking service delivered from the cloud that you have no control over; and due to its obfuscation and encryption you can only guess what payload your users get. 'Plug & Pray', one might say.

Contrary, BotDetect runs on your own servers, and its source code is available; thus enabling you to easily meet whatever regulatory or security requirements that are, or might be, imposed on your application or website.

5) BotDetect Is Accessible and Legal on US Government Websites

BotDetect Captcha is both Section 508 and WCAG compliant, and as such legal on the US federal agencies' websites -- unlike Recaptcha, that is just lame-ducking there while awaiting for its Section 508 lawsuit by a disgruntled employee or a user to throw it away.

Why is it like that? It is simple. When you block cookies in your browser, or go into incognito mode, Recaptcha reverts back to the old 'two-words Recaptcha', or to various 'pigs, dogs, and street signs' pictures. And a few things aside from a miracle will make your application using either the 'two-words Recaptcha', or those 'pigs, dogs, and street signs' pictures, able to satisfy this particular Section 508 requirement.

6) BotDetect Will Not Get You Sued Over
the 578 Patent Infringement

As BotDetect does not use those 'pigs, dogs, and street signs' pictures at the centre of the Confident Technologies vs. Ticketmaster case we couldn't be bothered to waste money on lawyers' fees in order to check the merit of the case -- that is on the Ticketmaster's plate.

But, the Confident Tech is not a patent troll; those guys had a product back then; so we opt to assume that they know what they are doing -- albeit we are perplexed that they went after the Recaptcha users, instead of after Google itself.

Note that settling such a suit might cost a small fortune; what is still peanuts compared with how much it would cost to defend it. For Ticketmaster, the Stalker turned out to be an expensive joke.

Ensuring that neither you nor your customers get sued over the 578 patent infringement should be the next item on that 'minimum requirements' check-list. Isn't it?

7) BotDetect Is Both Privacy and National Security Friendly -- It Does Not Spy

Unlike Recaptcha, BotDetect does not operate under 'if it can stalk you then you are human' principles; and will not make your application rejected by the majority of world governments on the grounds of national security; be it on their own websites, or on the websites of their sensitive institutions and industries.

If you have a privacy or national security sensitive website or application and are considering the Stalker, think again:

  • Recaptcha the Stalker refuses to work 'as advertised' if you switch into incognito mode, or block cookies in your browser. It gets annoyed when prevented from stalking. Why?
  • It is owned by Google who already knows who you are; think Gmail, Search, Docs, Play, YouTube, etc. And now, Google can cross-match that data with your activities on all Stalker armed websites.
    Kiss goodbye to both your users' privacy and national security.
  • Its client-side is a .js payload; obfuscated, encrypted, and delivered from the cloud by the party who knows your identity (Google); straight into your browser; completely bypassing servers of the Stalker armed website you are visiting.
    Hm, what could possibly go wrong :)?

In short, Recaptcha is not a captcha, but a stalker disguised as a captcha. By default, it does not check your humanity at all, but fingerprints your browser and cookies and matches it with your past activities across the web. It is a sort of 'Login by Google' -- just a way more dangerous one.

8) Captcha, Inc. Eats Its Own Dog Food

While Google, since 2009, mostly avoided using Recaptcha on its own properties. Why?

A cynic would argue that on its own properties Google already knows who you are so Recaptcha the Stalker was not needed there -- and it does not thwart bots that well anyway.

2017/06/27: EU Fined Google a Record $2.7B for Manipulating Search Results!

'The company demoted rivals and unfairly promoted its own services', says the EU.
'What Google has done is illegal under EU antitrust rules,' said Margrethe Vestager.

Whenever it was about its organic and paid search monopoly abuses, Google showed its catch-us-if-you-can attitude. The EU did the job.

Maybe this $2.7B fine, and the EU's upcoming antitrust investigations, will help Google to evolve its indefensible positions on the matters involved.

9) Captcha, Inc. Does Not Break
Antitrust Laws

While Google exposed itself to huge legal risks, by breaking every rule in the antitrust book, in order to force-feed you Recaptcha the Stalker through the nose.

A product with no known revenues; losing them a fortune each quarter; year after year -- that does not work in China and might get you sued in the US -- and broken so often and so thoroughly; that over the last eight years even Google itself mostly refused to use it.

That is weird, isn't it?

10) Captcha, Inc. Lives Off BotDetect License Sales

But where the Recaptcha money is coming from, in amounts large enough to justify taking the risk of breaking the antitrust laws, is a sort of mystery.

A cynic might ask you to pick your preferred answer:

  • It does not; and at some point Google will pull the plug on Recaptcha completely, as they did with Google Reader and other such products resting in the Google Graveyard.
    BotDetect Team: OK Google, that is called 100% enterprise-ready; a CIO's wet dream :).
  • Some undisclosed parties license the Stalker's data-feed and pay Google a fortune, and then some, so Recaptcha is actually profitable -- and the Stalker is watching you!
    BotDetect Team: OK Google, who are they? And, what do they use the data-feed for :)?

Think for yourself!

BotDetect CAPTCHA Customer References and Testimonials

Over the years, our products became a household name for high-quality Captcha components. Today we are proud to count as our clients, among over 3000 customers: Morgan Stanley, NASDAQ, Intuit, Con Edison, Accenture, Christie's Auctions, EMI Music, McNeil Consumer Healthcare, Swiss Telecom, and many more. And our customers say:

"BotDetect Captcha solution works great, is fast and easy to implement and their customer care is outstanding. After lots of research, I am convinced that you cannot get a better value!"

- Chuck Van Court, CEO & Founder, Fuze Digital Solutions, USA

"Great little dll at a great price."

- Tony Van Vugt

"Fantastic product! Your BotDetect Captcha control saved hours of development time. Within a couple of minutes of purchase, we had a fully enabled Captcha verification system integrated into our registration form!"

- Tomas Salas, PoshPoints LLC, Usa

"Your product is great. It stopped the spambot garbage I was getting on my forms IMMEDIATELY."

- Kevin Owens, Drexel University Chemistry Dept, USA

"There is lots of recommendation about you. I didn't really want to buy a component, but there were no free scripts that were good enough and you were easily the best once I decided to buy something."

- Steve Belton

"You are one of the (few) companies with excellent support!"

- Helge Thomas Hellerud, Oslo, Norway