- 3 different randomly generated background types: grid, squiggles, image blocks (or blank)
- multiple font/color support
- htaccess protected dictionary, fonts and backgrounds
- user definable text fading
- Fixed: Big-endian captcha issues has been tried and tested on both little and big endian systems. Now auto-works on both.
- Fixed: Big Endian issues with captcha system. Added a test which attempts to auto-detect the systems big-endian status. Needs testing on a big-endian system.
freeCap is designed to be as customisable as possible. There are several variables you can change to make the text more readable:
- Change the
- Reduce the chunk factor
- Use more readable fonts
- Alter the fade factor
But bear in mind that increased human readability means decreased OCR-resistance. On the other hand, a CAPTCHA is more often simply a deterrent and the actual theoretical security matters little.
Nothing, my suggestion for accessibility is to allow people to enter their details without passing the CAPTCHA, but send non-captcha’ed submittals to a ‘pending’ queue for manual review. It’s a much much simpler solution that still leaves the site accessible.
'captcha_new_comment' => 1, 'captcha_new_page' => 1, 'captcha_edit_page' => 1, 'captcha_registration' => 1,
For security, they begin with a '
.', which means that Apache won’t allow people to view them directly. Unfortunately, Windows also sees files beginning with a dot as hidden. Make sure that you’re set up to see hidden files in windows explorer (your file browser); go to the ‘Tools’ menu, then ‘Folder Options’, click the ‘View’ tab and make sure “Show hidden files and folders” has a check mark next to it. Press OK and you should see all the fonts and images appear on your local machine – now you can upload them.
Make sure that you have uploaded the fonts (see above), and the dictionary file.
If you have, try changing freecap’s config to use a randomly generated CAPTCHA; if it works after that, make sure the permissions on
.ht_freecap_words are set to
freeCap has built-in brute force detection; this message is shown once a user has tried more than a reasonable amount of times to enter the text. As with almost all freeCap features, this is user-definable; to disable this feature, set $max_attempts to something massive like 999999999999999.
A future version will provide a less hacky way of disabling this feature.
You must have GD installed in order to use freeCap.