Protect Your Images from Bandwidth Leeching with captcha
Let's apply the use of an HttpHandler to a real-world example. Imagine that you're analyzing your server logs, and you find that you have an enormous number of referrals from some site that you don't recognize. You check out the URL of the referrer and discover that some jerk is deep-linking to one of your prize photos of the Grand Canyon. The high-resolution photo is costing you 150kb toward your bandwidth limit on every request. It also demonstrates a high disregard for copyright.
To combat the problem, we'll develop an HttpHandler that checks to see if incoming requests for .jpg files came from your own site, not someone else's. If the referrer is either blank (the URL of the image was entered into a new browser window directly) or from someone else's site (your leeching friend), we'll serve an alternate image indicating that the user should visit your site directly for the photograph.
Listing 8.4 shows the finished class, as well as the web.config settings to make it work.
Listing 8.4. Anti-image leeching HttpHandler
C#
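using System;
using System.Web;

public class JpgHandler : IHttpHandler
{
    public void ProcessRequest(HttpContext context)
    {
        string FileName = context.Server.MapPath(context.Request.FilePath);
        // UrlReferrer is null when the request carries no Referer header
        // (for example, the image URL was entered into the browser directly).
        Uri referrer = context.Request.UrlReferrer;
        if (referrer == null)
        {
            context.Response.ContentType = "image/JPEG";
            context.Response.WriteFile("/no.jpg");
        }
        else
        {
            // Accept the site's own host or a subdomain of it. A substring test
            // would also accept a host such as mydomain.com.example.net.
            string host = referrer.Host;
            if (host.Equals("mydomain.com", StringComparison.OrdinalIgnoreCase)
                || host.EndsWith(".mydomain.com", StringComparison.OrdinalIgnoreCase))
            {
                context.Response.ContentType = "image/JPEG";
                context.Response.WriteFile(FileName);
            }
            else
            {
                context.Response.ContentType = "image/JPEG";
                context.Response.WriteFile("/no.jpg");
            }
        }
    }

    public bool IsReusable
    {
        get { return true; }
    }
}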
web.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <httpHandlers>
      <add verb="*" path="*.jpg" type="JpgHandler, captchaDll" />
    </httpHandlers>
  </system.web>
</configuration>
Delete the CAPTCHA
<SCRIPT LANGUAGE = "JavaScript">

// Get the window object where the context menu was opened.
var oWindow = window.external.menuArguments;

if(oWindow.location.host == "blogs.microsoft.co.il")
{
    var oDocument = oWindow.document;
    for(var i = 0; i < oDocument.all.length; i++)
    {
        if(oDocument.all[i].clientvalidationfunction != null)
        {
            if(oDocument.all[i].clientvalidationfunction == 'ValidateCaptcha')
            {
                oDocument.all[i].clientvalidationfunction = '';
                break;
            }
        }
    }
}
</SCRIPT>
A CAPTCHA or Captcha is a type of challenge-response test used in computing as an attempt to ensure that the response is not generated by a computer. The process usually involves one computer (a server) asking a user to complete a simple test which the computer is able to generate and grade. Because other computers are supposedly unable to solve the CAPTCHA, any user entering a correct solution is presumed to be human.
Public Sub ProcessRequest(ByVal context As System.Web.HttpContext) _
    Implements System.Web.IHttpHandler.ProcessRequest
    Dim app As HttpApplication = context.ApplicationInstance
    '-- get the unique GUID of the CAPTCHA;
    '-- this must be passed in via querystring
    Dim strGuid As String = Convert.ToString(app.Request.QueryString("guid"))
    Dim ci As CaptchaImage
    If strGuid = "" Then
        '-- mostly for display purposes when in design mode
        '-- builds a CAPTCHA image with all default settings
        '-- (this won't reflect any design time changes)
        ci = New CaptchaImage
    Else
        '-- get the CAPTCHA from the ASP.NET cache by GUID
        ci = CType(app.Context.Cache(strGuid), CaptchaImage)
        app.Context.Cache.Remove(strGuid)
    End If
    '-- no cache entry for this GUID (expired or already served):
    '-- there is nothing to draw
    If ci Is Nothing Then
        app.Response.StatusCode = 404
        app.Response.End()
        Return
    End If
    '-- write the image to the HTTP output stream as an array of bytes
    ci.Image.Save(app.Context.Response.OutputStream, _
        Drawing.Imaging.ImageFormat.Jpeg)
    '-- let the browser know we are sending an image,
    '-- and that things are 200 A-OK
    app.Response.ContentType = "image/jpeg"
    app.Response.StatusCode = 200
    app.Response.End()
End Sub

A new CAPTCHA image will be generated, and the image streamed directly to the browser from memory. Problem solved!
However, there's another problem. There has to be communication between the HttpHandler responsible for displaying the image, and the web page hosting the control -- otherwise, how would the calling control know what the randomly generated CAPTCHA text was? If you view source on the rendered control, you'll see that a GUID is passed in through the querystring
Produce a captcha image for an aspx web page
A CAPTCHA is a program that can generate and grade tests that humans can pass but current computer programs cannot. For example, humans can read distorted text as the one shown below, but current computer programs can't:
This program demonstrates sample code to implement a CAPTCHA in ASP.NET using an ASP.NET server control and GDI.
CAPTCHA control's layout with template approach
CAPTCHA suffers from many problems. First, it is often very unethical - it unnecessarily discriminates against blind and otherwise visually impaired people.
Many sites offer audio as an alternative - while such a measure lets blind but hearing people in, it still discriminates against a smaller minority of impaired people and is thus still ethically unacceptable. And neither is it acceptable technically - it lets computers in (computers can recognize voice rather well, especially if trained to a specific voice or samples, unlike a human who hears such a CAPTCHA for the first time).
Secondly, CAPTCHA is not always very good at keeping spam away, because computer software already can, generally speaking, recognize letters as well as humans, and the computer itself has plenty of advantages over a human. Often you see a misguided attempt at making a CAPTCHA harder - for example, low text-to-background contrast or a bad color combination does nothing to stop a computer, but makes it harder to read for a human. Often, humans don't know how many letters should be there, and random lines may look like yet another distorted letter; whereas captcha-breaking software would know how many letters are supposed to be in this captcha, and when detecting more letters, can eliminate the least likely. Some letters in common fonts differ too little to be reliably recognized by a human when distorted (such as 0,O ; I,l,i,!,j ; vv,w and so on). Humans recognize heavily distorted letters in handwriting based on the context, but letters in CAPTCHAs lack context.
All the above, in combination, often results in a CAPTCHA that computer can, in principle, recognize better than human. Furthermore computer does not get tired and can keep trying even if it succeeds only once per ten attempts.
Thirdly, CAPTCHA turns away undecided visitors, and may very well result in loss of revenue.
You can read the wikipedia article linked above for good overview of problems with CAPTCHA.
But wait, I hear you think, how it happens that CAPTCHAs 'work' even though the principle is flawed? Very simply. It takes effort to make spambot that passes through CAPTCHA; as long as different sites use different CAPTCHAs, it is not very useful for spammer to break some specific CAPTCHA. Furthermore, once CAPTCHA is broken, it can be replaced. CAPTCHA works by wasting time and money on software that is forcing spammer to waste time and money, and hoping that spammer runs out of time and money first; if you have CAPTCHA you're mostly wasting other people's time rather than yours so the deal seems far more viable than it really is.
SAPTCHA.
SAPTCHA stands for Semi Automatic Public Turing Test to Tell Computers and Humans Apart.
The key concept is same as with CAPTCHA: user is presented with test question or instructions and must give correct answer to use resource. Main difference is that computer does not try to automatically generate "unique" test questions on each query; only verification of answer is automatic. Instead, unique test question and answer[s] are set by moderator or owner when SAPTCHA is installed, and are changed every time spamming happens.
SAPTCHA is proposed as more accessible alternative to CAPTCHA that may replace CAPTCHA in services such as most blogs and forums. SAPTCHA works as lightweight CAPTCHA.
The concept follows from the observation that there are many cases where automated generation of a unique test question or image does not add any security - a spammer does not need to pass the test more than once on the same forum or blog. Often, there's no human spammer interacting with the website at all [Indeed, every blog or site owner would love to believe that his site is so important that it is spammed personally, in a very weird way whereby rather than just reading the image with eyes, the spammer would write visual recognition software, but that's in fact not happening :-)]. In such cases, a static question can't be worse at stopping a bot than a dynamic one.
Human generated questions have much broader diversity and are thus harder for computer to answer. Parsing arbitrary sentences is an unsolved problem, unlike distorted letter recognition which is a solved problem. It must be also noted that CAPTCHA itself is not really "completely automatic" - human has to write and maintain CAPTCHA software, and update it every time it is broken.
Example questions: User is given instruction like "write [no i'm not a computer!] in this text field" or "write 'i'm human' in reverse" or "write[or copy-paste] web address of this page there" (please don't use too similar things. No default questions and answers. Think up something yourself. Don't try to be clever. It should be not more complex to understand and do than rest of registration, and thus shouldn't decrease website's accessibility(!). It's better if answer is more than 1 character long.)
Bots can try to understand text written by human in normal language (very hard problem in AI) or try to guess (some delay can make it pointless) or try some common test answers if any (then, common test questions and answers will disappear)
A spammer has to manually answer the question to start spamming. This is exactly the same problem as with CAPTCHA at registration. Similarly to CAPTCHA at registration, human intervention is necessary to stop spam - the account must be banned and, for SAPTCHA, the question must be changed.
In a way, SAPTCHA can be viewed as a lightweight disposable CAPTCHA test that is cheap to replace when it gets compromised.
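The SAPTCHA scheme described above, as an added C# example that is not part of the original text: the moderator sets the question and accepted answers, only the verification is automatic, and a delay after each wrong answer makes guessing pointless. The class and member names, the client key and the 30-second delay are assumptions; the sample question is one of the examples quoted above and should not be reused on a real site.

```csharp
using System;
using System.Collections.Generic;

public class Saptcha
{
    private readonly HashSet<string> answers = new HashSet<string>();
    private readonly Dictionary<string, DateTime> blockedUntil =
        new Dictionary<string, DateTime>();
    private readonly TimeSpan delay;
    private readonly object gate = new object();

    public string Question { get; private set; }

    // The moderator supplies the question and every accepted answer. After a
    // spam run, a new instance with a new question replaces this one.
    public Saptcha(string question, IEnumerable<string> acceptedAnswers,
                   TimeSpan delayAfterFailure)
    {
        Question = question;
        delay = delayAfterFailure;
        foreach (string a in acceptedAnswers) answers.Add(Normalize(a));
    }

    // clientKey identifies the submitter (assumption: the remote address).
    public bool Check(string clientKey, string answer, DateTime nowUtc)
    {
        lock (gate)
        {
            DateTime until;
            if (blockedUntil.TryGetValue(clientKey, out until) && nowUtc < until)
                return false; // inside the delay: refused without looking at the answer
            if (answer != null && answers.Contains(Normalize(answer)))
            {
                blockedUntil.Remove(clientKey);
                return true;
            }
            Prune(nowUtc);
            blockedUntil[clientKey] = nowUtc + delay;
            return false;
        }
    }

    // Drop delays that have already run out so the table does not grow forever.
    private void Prune(DateTime nowUtc)
    {
        List<string> expired = new List<string>();
        foreach (KeyValuePair<string, DateTime> kv in blockedUntil)
            if (kv.Value <= nowUtc) expired.Add(kv.Key);
        foreach (string key in expired) blockedUntil.Remove(key);
    }

    // Case and spacing should not decide whether a human passes.
    private static string Normalize(string s)
    {
        string[] words = s.Trim().ToLowerInvariant()
            .Split((char[])null, StringSplitOptions.RemoveEmptyEntries);
        return string.Join(" ", words);
    }
}

public static class SaptchaDemo
{
    public static void Main()
    {
        // Constructed sample: question from the text, documentation-range address.
        Saptcha s = new Saptcha("Write 'i'm human' in reverse",
                                new[] { "namuh m'i" }, TimeSpan.FromSeconds(30));
        DateTime t = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        Console.WriteLine(s.Check("203.0.113.7", "human", t));                       // wrong answer
        Console.WriteLine(s.Check("203.0.113.7", "namuh m'i", t.AddSeconds(5)));     // right, but inside the delay
        Console.WriteLine(s.Check("203.0.113.7", " Namuh  m'I ", t.AddSeconds(31))); // right, after the delay
    }
}
```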
ASP.NET server control to the project "captchan.ashx"
Add the following code to it
<%@ WebHandler Language="C#" Class="captcha" %>
using System;
using System.Web;
using System.Drawing;
using System.Web.SessionState;

// CatpchaImage (spelled as in the original) is the drawing class;
// it is not shown on this page.
public class captcha : IHttpHandler, IRequiresSessionState
{
    public void ProcessRequest (HttpContext context) {
        context.Response.ContentType = "image/jpeg";
        CatpchaImage captcha = new CatpchaImage();
        string str = captcha.DrawNumbers(5);
        // Keep the generated text in the session so the hosting page
        // can compare it with what the user typed.
        if (context.Session[CatpchaImage.SESSION_CAPTCHA] == null)
            context.Session.Add(CatpchaImage.SESSION_CAPTCHA, str);
        else
        {
            context.Session[CatpchaImage.SESSION_CAPTCHA] = str;
        }
        Bitmap bmp = captcha.Result;
        bmp.Save(context.Response.OutputStream, System.Drawing.Imaging.ImageFormat.Jpeg);
    }

    public bool IsReusable {
        get {
            return true;
        }
    }
}
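The handler above only stores the expected text in the session; the page that receives the form still has to compare it on the server, because a client-side validator can be switched off in the browser, as the "Delete the CAPTCHA" script earlier on this page does. The following is an added example, not code from the original page: a server-side check that consumes the stored code on every attempt. The names CaptchaVerifier and CommentPage, the form field captchaAnswer and the session key value are assumptions; in the project the key would be CatpchaImage.SESSION_CAPTCHA.

```csharp
using System;
using System.Web.SessionState;

public static class CaptchaVerifier
{
    // Assumption: must be the same key the image handler writes to
    // (CatpchaImage.SESSION_CAPTCHA, whose value is not shown on this page).
    public const string SessionKey = "CAPTCHA_TEXT"; // hypothetical value

    // True only when the submitted text equals the code stored for this
    // session. The stored code is removed on every call, so a wrong guess
    // cannot be retried against the same image and a solved code cannot be
    // replayed on a second submission.
    public static bool Verify(HttpSessionState session, string submitted)
    {
        if (session == null) return false;

        string expected = session[SessionKey] as string;
        session.Remove(SessionKey);

        // No image was requested in this session, or nothing was typed.
        if (string.IsNullOrEmpty(expected) || string.IsNullOrEmpty(submitted))
            return false;

        return string.Equals(expected, submitted.Trim(), StringComparison.Ordinal);
    }
}

// Hypothetical code-behind for the page that hosts the form.
public partial class CommentPage : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack) return;

        // The decision is taken here, from the posted value and the session,
        // not from any validation result reported by the browser.
        if (!CaptchaVerifier.Verify(Session, Request.Form["captchaAnswer"]))
        {
            Response.StatusCode = 400;
            Response.Write("CAPTCHA check failed. Load a new image and try again.");
            return;
        }

        // The submission is accepted from this point on.
    }
}
```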
Bots are the Problem and CAPTCHA is the Solution
With the exponential growth of online services and businesses, website security has become a serious concern for webmasters and web application developers.
The Problem: Bots
Many software programs are written and used to impersonate human beings, mimic their surfing patterns, and imitate their online activities for various malicious purposes. These "pretending to be human" programs are referred to as bots (short for "robots"), spambots or spam bots (since they are most commonly used for spamming).
The Solution: CAPTCHA
Lanapsoft CAPTCHA.NET Captcha is an efficient out-of-the-box security solution designed to deal with this threat, available as an ASP.NET Captcha Control for .NET web applications, or an ASP Captcha Component for Classic ASP forms.
Using Captcha images specifically designed to be out of the reach of currently available computer vision and OCR technologies, bots can be prevented from accessing protected website functionality.
While computer programs cannot read the textual code from the image, it is easy to read for most humans. So the answer to the webmaster's question "is the current client submitting this page a real person, and not a bot?" will be the same as the Captcha validation result.
CAPTCHA.NET Sound CAPTCHA Examples
Robot
Scratched
Synth
Workshop
To keep websites accessible to the blind and people with impaired vision – for whom reading the Captcha images could be a problem – CAPTCHA.NET also provides a sound Captcha alternative, pronouncing the textual code to users who prefer to hear it.
CAPTCHA.NET CAPTCHA Applications
• Prevent automated spam submission: CAPTCHA.NET Captcha images ensure that an email, blog comment, forum post, guestbook entry or social networking message is sent by a human, not a bot
• Prevent automated registrations: CAPTCHA.NET Captcha images block bots that sign up for thousands of email, forum or social networking accounts every minute
• Prevent automated friend requests: CAPTCHA.NET Captcha images block bots that send thousands of fake friend requests on social networking and instant messaging sites every minute
• Secure login pages: CAPTCHA.NET Captcha images prevent dictionary attacks and brute force attacks trying to guess login information
• Block malicious crawlers: CAPTCHA.NET Captcha images guarantee that bots trying to leech content or find vulnerabilities to exploit won't access protected website sections
• Prevent poll manipulation: CAPTCHA.NET Captcha images protect online polls by ensuring only humans can vote and automated voting scripts can't manipulate the results
• Prevent resource harvesting: CAPTCHA.NET Captcha images protect online games and virtual worlds with economic systems from automated virtual resource ("gold") harvesting
• Prevent cheating in contests: CAPTCHA.NET Captcha images protect skill-based online games from fraudulent users who employ bots to achieve unfair advantage over other players
Disable validators in MOSS / SharePoint (WSS)
if (SPContext.Current.FormContext.FormMode == SPControlMode.Edit || SPContext.Current.FormContext.FormMode == SPControlMode.New)
{
    // Hide every validator in the "Step1" validation group.
    for (int i = 0; i < this.Page.GetValidators("Step1").Count; i++)
    {
        ((Control)this.Page.GetValidators("Step1")[i]).Visible = false;
    }
}
if (!Page.ClientScript.IsStartupScriptRegistered("RasePopupJS"))
{
    string js = @"<script language='javascript' type='text/javascript'> " +
        "function alertsScrollUp() { " +
        "var newtop = 7; " +
        "$('#id').css({top: newtop+'px'});" +
        "} " +
        "</script>";
    Page.ClientScript.RegisterStartupScript(this.GetType(), "RaseAlertsPopupJS", js);
    Page.ClientScript.RegisterStartupScript(this.GetType(), "RasePopupJS", js);
}
string Css = ""; // the value is not preserved in the source
string popupStr = string.Format("javascript:OpenPop('{0}','{1}'); alertsScrollUp(); return false;", ConfigurationAssist.Pages.xxx + "?Css=" + Css, "600px");
BtnOpenPopUp.Attributes.Add("onclick", popupStr);

if($("[id$='checkboxId']").attr('checked') )