ankit644.com

Do you think we can stop spammers attacking our websites?

I think, NO! There is no way to stop spammers trying to attack your website, especially when your website starts getting popularity. But there are certain ways to prevent your website from spam attacks. Captcha is a way to fail spammers attacking your website.

Some rubygems are available for Captcha implementation under Ruby On Rails. You can find all of these Captcha rubygems here. Simple Captcha by Expressica.com is very popular Captcha rubygem out of the mentioned. A simple captcha Ruby/CAPTCHA is also good. ruby-recaptcha is another good example. Apart from all these, captchator.com also does provide a very good facility of using captchas in your website, which never requires you to install anything on your server to implement captcha validation.

But, the one I liked best suitable to my needs is Turing. There are number of reasons, why I liked it:

• Easy to install (e.g. gem install turing)
• Easy to configure (e.g. add “require ‘turing’” to config/environment.rb file)
• Easy to implement (check here: example, entire manual can be found here)
• Inbuilt glossary of words, which can be modified to meet individual’s needs, used to pick the random word for captcha images.
• Various images used to pick as random background image for captcha
• And the best part is: automatic removal of captcha images when you validate user input text with image text. (e.g. tc.valid_answer?(id, text))
• No dependency on any website for captcha images or validation. Everything is done locally on the server
• Turing is Licensed under GPLv2

There is no active development on Turing since 2007, however it fulfills most of my needs and works nicely without any kind of problem.

Despite these good features, there are improvement areas:

• Along with making captcha images complex for machines to read, it should be made easy for humans to read.
• OCRs might be able to decode your image text even though the captcha images look distorted.
• Auto-removal of captcha images on the validation, which is being taken care by Turing, but I guess not by others.
• Auto-removal of captcha images on the page unload event. Imagine a spam script continuously reloads a page every second. Your space on the server might get filled up in minutes.
• Accessibility featues for disabled. Some captchas like ruby-recaptcha is successful in this area upto some extent.

I am still trying to find better ways of auto-removal of captcha images on the page unload event. Let me know, if you have got some inputs on it with respect to Turing rubygem.

/Ankit

This entry was posted on Sunday, June 28th, 2009 at 16:54 and is filed under Ruby On Rails. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.