wjcrowcroft / motioncaptcha Goto Github PK

View Code? Open in Web Editor NEW

824.0 824.0 122.0 184 KB

MotionCAPTCHA jQuery Plugin - Stop Spam, Draw Shapes

Home Page: http://josscrowcroft.com/projects/motioncaptcha-jquery-plugin/

JavaScript 100.00%

motioncaptcha's People

Stargazers

Watchers

Forkers

amitait drewblas gliadis koto druwynings cbmtx ondinahq mikaelfritts gerris romvadik jecons usethekey mharkrollen ekasur fitblip erls-corporation juancarloscruzd monochro 9edge jacobke leison adpothier dineshkummarc lukeddy bronfman alaa13212 berthojoris dhanjugopi martinaust fritoebola berkayy corujeira myusernamejeep mzavatto elbbub kesymaru shimaasamir ftroncosom scottbrimberry indian2020 trungnv84 kollmann burnsjeremy nisal kurniawanchan mlabieniec fhefh2009 mattlocke1 yangxianbin zgs225 whjlou cornerstonewdk jesuitsoft vuquangthinh benegg maxmas inkstill ivanyandy duvanjamid kjin1 facilus cjsforks plugn boatgm malathy89 codernina fanmixco josephkowalski mamjed r1si royyu2898 djodjoni naramura mzaman creimers unikneeraj vijilov xero08 camj256 laito liujunlin danbish e1100x rachmann squigglesworth camusp kabircse turbobuilt sangkyunyoon angelesmu balaa hadryan jinhang khadidjaa lozynskyi jocsonme korom enterstudio sptkcode lv-yi

motioncaptcha's Issues

Add a "switch back to captcha" button.

I have friends who's dyslexia prevents them from following a line with their finger, nothing to do with training or intelligence, its a full blown bonafied disability and asking them to trace a line is pretty much an impossible task as it will take them a very very long time to do if even possible.

Its the only thing that comes to mind regarding these.

with Android

When we use it with Android, and Magnify the canvas,
it does not work, I could not draw any line on canvas.
but if I go back 100% display , it work.
Do you have any reason ?

Kazu

Link Broken

The project link is broken http://www.josscrowcroft.com/projects/motioncaptcha-jquery-plugin/

Maybe it can't work.

Hi, there exists a problem, if we verify whether a user is human or bots in browser, bots can simply ignore the CAPTCHA and send packages the same as a human who passed the CAPTCHA.

Image not showing

The canvas is there but the image to draw is not showing up. I noticed on your demo, the background-position is overwritten and removed by the JS. But in my firebug, I see that the background-position is -9999px -9999px:

mc-canvas {

background-attachment: scroll;
background-clip: border-box;
background-color: #FFFFFF;
background-image: url("motionCaptcha-shapes.jpg") !important;
background-origin: padding-box;
background-position: -9999px -9999px;
background-repeat: no-repeat;
background-size: auto auto;
height: 154px;
width: 220px;

}

Why jQuery?

Maybe is jQuery in this project ok, but much better would be http://angular-ui.github.io/ in case use it in Node.js.
Is there plan to integrate it with this?

Just asking

Last update is 6 years old, it works fine, it recognize good or bad schema, my questions are :

What is wrong with this motion captcha ? Lack of accessibility ? Not mobile friendly ?
Why isn't there more engagement with it? Technical issue that allows bots to pass anyway ?

License Type?

Specifying drawing direction

This may seem rather pedantic, but it would probably help if some text along the lines of "starting from the dot" was added to the caption for the drawing canvas.

For example, the new text could read "Please draw the shape in the box starting from the dot to submit the form:" or something like it.

Can you provide sample files?

Can you provide sample files in your package?
I do not know how to make it work.
Thanks!!

optional defaults: is it "action" or "actionId" ?

seems like the default values ask for 'action' but the code in the JS file is looking for 'actionId' . So after the user successfully draws the right shape, the action parameter of the form can get changed.

Lenient validation

http://cl.ly/2h2K2B3M2p0H2i1z2O2c
http://cl.ly/3z28333n3w230e2S1U0Z
http://cl.ly/2T232H1r2M3g2w0g1G0N
http://cl.ly/140F2R1U291J3v2m1y0Z

Add server-side validation for drawn points

How is this going to stop anything other than “human spammers” (which are close to non-existent compared to spam-bots anyways)? Any decent bot will (in time) just retrieve the “hidden” URL and use it to post it’s spam to. It doesn’t care if it has to parse the action attribute or some other field to get the URL to post the data to.

If you want this to be of any use at all, you’ll need to send the strokes themselves (or a “fingerprint” or “hash” of them) to the server and let the server decide whether the captcha is passed or not.

I'm sorry. I like your idea and out-of-the-box thinking. But it's practical use (fight automated spam) is close to zero.

Get rid of canvas dependency

I started hacking on a simple library for drawing lines with HTML + CSS 3 last night. IE support is possible, right now I'm struggling with the DXImageTransform.Microsoft.Matrix to get the rotation origin right.

It doesn't perform well on very large drawings (the DOM get's fairly large because of many DIV elements), but it could be a good fit for MotionCAPTCHA.

https://github.com/Prinzhorn/draw-line

Images are predefined and insufficient cardinality.

The Captcha has 16 static images to validate with. This is the same folly of many previous captcha systems.

Even if there were 10,000 images, the same issue would occur.

A simple check for which image is presented can be defeated by passing the correct data points, even when you reach your road map's v1.0

To give you some quick history on previously broken captchas, they basically MD5'd the image, and passed in the text. You could pay $50 to crack thousands of captchas, and keep spamming wherever you like as you please.

The same issue exists here, you can grep the source to find the image, and return with data that is known to validate..