BotDetect CAPTCHA General FAQ
I. CAPTCHA
- May I know in detail how does BotDetect Captcha work in blocking bots?
- Is BotDetect Captcha effective against email form hijacking?
- Does BotDetect Captcha block search engine bots?
- Would BotDetect Captcha protect us against email harvesting bots?
- How random is the Captcha image generation process? The system we are bringing up is likely to get some very serious brute force attempts. We will be using hosting companies and I am a little worried that they will not review logs correctly, so it may go unnoticed.
- I have read that there was an application that won a Captcha defeating competition, that could learn new Captcha types automatically. How likely is that with the BotDetect Captcha?
II. Usage
- Will BotDetect Captcha protection work right within an existing registration page? Or does it need to be a separate step/page?
- Our application has already been developed using Captcha source code available on the Internet. Would we be able to replace that code with the BotDetect Captcha without disturbing the application as such?
- Some Captcha images seem hard to read due to
"BotDetect"
text added to the background. How do I improve their readability? - Using your free version, I see that many Captcha sounds just say
"sound demo"
. Is this something that goes away with a paid version? - How do I remove the link to your site from the Captcha image?
- Prior to purchasing the BotDetect Captcha, I would just like to know whether it's a program (like MS Works, Dreamweaver, etc.), or if I have to upload it to the server and work from there?
III. Source Code
- What language is the source code provided in for the BotDetect Captcha product?
- Do we have a right to modify the purchased BotDetect Captcha source code? If we have the rights to modify the software are there any conditions attached?
IV. Ordering and Payment
- How can I order your product?
- How secure is payment with the share-it service?
- How many software authors use share-it! today?
- What types of payment do you accept?
- How do you deliver your products?
- Can you explain the licensing options?
I. CAPTCHA
May I know in detail how does BotDetect Captcha work in blocking bots?
BotDetect™ Captcha is a server-side control that generates images containing a random textual code, which is distorted in a way to make it unreadable by current AI.
So basically, actual people can read the code from the image, but various automated tools can't.
When you add the BotDetect Captcha image on a form and have the user type in the embedded characters, the server-side control also validates their input, checking do the codes match.
In principle, the answer to the question "is the current client submitting this page a human visitor, or a bot?" should be the same as the Captcha validation result.
Is BotDetect Captcha effective against email form hijacking?
Yes. In fact, using Captcha protection is the recommended solution for email form hijacking.
Does BotDetect Captcha block search engine bots?
- Using the BotDetect Captcha on a web-page doesn't block search engine bots from accessing that page.
- All pages that can only be accessed after successful BotDetect Captcha validation will not be crawlable by any bots.
- The above assumes there aren't any direct links to the protected page, bypassing the Captcha validation. Ideally, the protected page will check for direct visits, and redirect all clients that didn't solve the Captcha back to the challenge.
Would BotDetect Captcha protect us against email harvesting bots?
You should not use Captcha images to protect your email from harvesting bots. Those bots generally can't deal with images at all, because they must run across many websites/pages and it's inefficient to analyze every picture they find and check does it possibly contain an email address.
Algorithm security is important when you defend against automated-registration bots which attack specific Captcha images on specific web pages. They a-priori do know which images contain text (the Captcha images!) and attack those particular images.
So:
- Obfuscating your email addresses in a Captcha image doesn't make any security difference: any kind of image provides good enough security, as long as it's not obvious that a particular image contains an email address.
- Obfuscating your email addresses with Captcha images will significantly complicate life for everyone who wants to contact you.
- We strongly recommend you not to obfuscate email addresses in any Captcha-like way.
- Instead of providing your email address on a web page at all (in plain text, or as an image), you could have an interactive "contact us" form which will not divulge your email address, and will require the user to solve a Captcha challenge before sending you a message.
How random is the Captcha image generation process? The system we are bringing up is likely to get some very serious brute force attempts. We will be using hosting companies and I am a little worried that they will not review logs correctly, so it may go unnoticed.
I have read that there was an app that won a Captcha defeating competition, that could learn new Captcha types automatically. How likely is that with the BotDetect Captcha?
We have a whole article dealing with this topic: Can Captcha be broken? (and what can we do about it).
II. Usage
Will BotDetect Captcha protection work right within an existing registration page? Or does it need to be a separate step/page?
It will work within an existing registration page.
Our application has already been developed using Captcha source code available on the Internet. Would we be able to replace that code with the BotDetect Captcha without disturbing the application as such?
Our product is a software component and it is application-independent. So, it is possible to plug it into any kind of website or web application as long as all of the platform requirements are met.
Some Captcha images seem hard to read due to "BotDetect"
text added to the background. How do I improve their readability?
The BotDetect trademark is only added to Captcha images generated by the free version of BotDetect, as explained in the free version limitations. It will be removed if you purchase a license.
Using your free version, I see that many Captcha sounds just say "sound demo"
. Is this something that goes away with a paid version?
Yes, "sound demo"
is only used in the free versions of BotDetect Captcha, as explained in the free version limitations.
How do I remove the link to your site from the Captcha image?
The Captcha image link can be fully customized or removed using BotDetect configuration (
PHP,
ASP.NET,
Java, and
ASP Classic).
However, this option is not available in the free version (as explained in the
free version limitations).
Prior to purchasing the BotDetect Captcha, I would just like to know whether it's a program (like MS Works, Dreamweaver, etc.), or if I have to upload it to the server and work from there?
BotDetect is a software component – a reusable unit of software which can be incorporated with your website or web application. Typically, you install it on your computer during development, and then upload it to the server with the rest of your website.
III. Source Code
What language is the source code provided in for the BotDetect Captcha product?
- BotDetect ASP.NET Captcha is implemented as a set of ASP.NET Custom WebForm, Web Pages and MVC Controls, written in C#. Example projects are written in JavaScript (including JQuery and Ajax), VB.NET, and C#.
- BotDetect Java is implemented using pure (SE6+ compatible) Java with bunch of JSP, JSF and Spring and JavaScript, Ajax, JQuery example projects. Maven, Gradle, Ant, and Ant+Ivy builds are included.
- BotDetect ASP Classic Captcha is implemented as a COM component written in C# (using the .NET COM wrapper), and an ASP Captcha library written in VbScript. Example ASP Classic projects are written in VbScript but JavaScript, Ajax, and jQuery integration examples are available as well.
- BotDetect PHP Captcha is implemented as a pure PHP 5.2+ library. WordPress, Laravel, CodeIgniter, CakePHP, and Symfony (PHP-based) and JavaScript, Ajax, and JQuery (js-based) integrations are provided as well.
Do we have a right to modify the BotDetect Captcha source code? If we have the rights to modify the software are there any conditions attached?
There are three different License Subscriptions that give you access to the source code: BluePrint, Developer, and OEM.
a) All three give you the right to modify the source code to make it better suit your particular Captcha implementation requirements and then use it on the websites you own.
b) In addition to a), the Developer License Subscription give you the right to distribute (or host from your shared servers on your customer's websites) your application with unmodified captcha runtime built-in.
c) In addition to a) and b), the OEM License Subscription gives you the right to distribute (or host from your shared servers on your customer's websites) your application with such a modified captcha runtime built-in.
But no License Subscription give you the rights to:
d) Distribute the source code -- modified or not,
e) Distribute the non-runtime parts (development elements),
f) Develop products competing with BotDetect either directly, or indirectly by shrinking the market accessible to BotDetect.
For more information please visit our licensing page.
IV. Ordering and Payment
How can I order your product?
You can place orders at our online store. Payment is performed by the share-it! service.
How secure is payment with the share-it service?
What types of payment do you accept?
Buyers are offered a variety of payment options, such as PayPal, credit card (MasterCard, Visa, American Express, JCB, Diners Club), AliPay, Kombini, and corporate purchase orders. You can be invoiced in various currencies, credit card payments are processed within seconds, and you receive your product and license confirmation without delay.
How do you deliver your products?
Captcha, Inc products are available via ESD (Electronic software delivery) only.
Can you explain the licensing options?
Please consult the Licensing Information page.
Current BotDetect Versions
-
BotDetect ASP.NET CAPTCHA
2019-07-22v4.4.2 -
BotDetect Java CAPTCHA
2019-07-22v4.0.Beta3.7 -
BotDetect PHP CAPTCHA
2019-07-22v4.2.5