How NOT to do CAPTCHAs

Yes, this is a real CAPTCHA that I ran across.

In case it isn't obvious from the picture, or you can't read that small, the text in the CAPTCHA matches the filename, therefore making it trivial to determine what the text says. Further, I tried specifying 6 random characters for the filename and it didn't work, which leads to two possibilities:

  1. The CAPTCHA images are generated and saved in the root Web directory
  2. There are a limited number of generated CAPTCHA images

I can't easily tell which one is actually happening, but in both cases there's a serious issue. And funny, too!

5 thoughts on “How NOT to do CAPTCHAs

  1. Reply

    Big Willie

    Man that is pretty noob! So noob, that the noobs could even tell that its noob.

  2. Reply


    That is pretty funny actually.

  3. Reply

    Joe Anarchy

    Awesome man, just awesome. I wonder where I can get my hands on that captcha lib!

  4. Reply


    That's always the first thing I check when I come across new captchas, but I've never seen the text in the file name before, nice find!

    Not that any OCR-type program would have trouble figuring this one out, that slightly angled v must really throw them off!

  5. Reply

    Ron Post author

    To be honest, this isn't the first time I've seen this. I've also seen people put the right CAPTCHA answer in a cookie or a hidden field.

    The slightly angled 'v' is madness. It's the devil's 'v'!

Leave a Reply

Your email address will not be published.