WebForms Captcha Overview

Protecting your online forms from automated spam is as easy as adding RadCaptcha to your ASP.NET application. A flexible website security component, RadCaptcha protects registration, comment, poll, content submission, and similar forms. It generates distorted images of letters and numbers that are easily decipherable to humans, but not to spam bots. In essence, it allows you to focus on your code or content, instead of on deleting spam.


The Captcha is part of Telerik UI for ASP.NET AJAX, a professional-grade UI library with 120+ components for building modern and feature-rich applications. To try it out, sign up for a free 30-day trial.

Strategies for protection against automated form submissions

Telerik's RadCaptcha control provides two major strategies for protection against automated form submissions:

  1. Image with modified symbols. They are displayed in a form, and the user is required to input the symbols in a textbox. If the input is correct, the control validates that the user is not a robot because it is not yet possible for robots to identify distorted symbols. This is the most secure method to protect from comment spam. There is a set of properties that characterize the image:

    1. Noise factors – background, line, font warping

    2. Image – height and width

    3. Text – font family name, set of characters, number of characters

    4. CAPTCHA session expiration time

    5. CAPTCHA error message to be displayed if the entered value was incorrect

  2. Automatic Robots Discovery – this strategy uses predefined rules which decide whether the input comes from a robot or not. This strategy is not 100% secure and some sophisticated robots may pass it. The Sitefinity administrator is allowed to decide which of the predefined rules to use. At this point, there are two implemented rules that could be applied either separately or simultaneously:

    1. Minimum form submission time – the presumption is that a human cannot fill in the fields of a form correctly in less than 3 seconds (this is the default value, and it can be modified). If the form is submitted faster than the predefined value, it is assumed that the submitter is a robot.

    2. Invisible textbox in the form (the so-called “honeypot”) – this rule requires the insertion of a textbox which is not visible when the form is styled. Still, it will be detected by a robot, and therefore if any data is entered, the submitter is considered to be a robot. An invisible label is also used to instruct humans not to fill in the textbox. This is necessary in case the styles are turned off and the textbox becomes visible, or in case a screen reader is used by people with disabilities.
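
The two Automatic Robots Discovery rules above, written as a generic server-side check. This is an added example, not RadCaptcha's own code or API: the names BotRules, IssueToken and IsLikelyBot, the signed render-time token and the sample key are all assumptions made for illustration.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper names; this is not RadCaptcha's API.
public static class BotRules
{
    // Sign the render time so a client cannot backdate it to beat the timer.
    public static string IssueToken(DateTimeOffset renderedAt, byte[] key)
    {
        string ts = renderedAt.ToUnixTimeMilliseconds().ToString(CultureInfo.InvariantCulture);
        return ts + "." + Sign(ts, key);
    }
    public static bool IsLikelyBot(string token, string honeypot,
        DateTimeOffset now, byte[] key, TimeSpan minTime)
    {
        if (!string.IsNullOrEmpty(honeypot)) return true; // honeypot rule
        string[] p = (token ?? "").Split('.');
        if (p.Length != 2 || !long.TryParse(p[0], NumberStyles.None, CultureInfo.InvariantCulture, out long ms)) return true;
        if (!SameText(Sign(p[0], key), p[1])) return true; // missing or tampered token
        // Minimum form submission time rule.
        return now - DateTimeOffset.FromUnixTimeMilliseconds(ms) < minTime;
    }
    private static string Sign(string data, byte[] key)
    {
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(data)));
    }
    // Comparison whose running time does not depend on where the strings differ.
    private static bool SameText(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    public static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key"); // constructed sample
        DateTimeOffset t0 = DateTimeOffset.UtcNow;
        string token = IssueToken(t0, key);
        TimeSpan min = TimeSpan.FromSeconds(3);
        // Constructed cases: submitted after 1 s; honeypot filled; clean after 9 s.
        Console.WriteLine(IsLikelyBot(token, "", t0.AddSeconds(1), key, min));
        Console.WriteLine(IsLikelyBot(token, "x", t0.AddSeconds(9), key, min));
        Console.WriteLine(IsLikelyBot(token, "", t0.AddSeconds(9), key, min));
    }
}
```

The token in this sketch has no upper age limit, so a real form would also reject tokens older than some expiration time and keep the key on the server only.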
