What is CAPTCHA?
CAPTCHA is the abbreviation for Completely Automated Public Turing test to tell Computers and Humans Apart. A CAPTCHA is used to distinguish humans from bots in order to prevent DoS, DDoS or buffer overflow attacks, since such attacks usually use bots to send multiple requests. A CAPTCHA is a random combination of letters, numbers and/or special characters that is displayed to the user on the screen. Sometimes a CAPTCHA takes the form of a set of images from which the user has to select those showing specific objects. When the user reproduces the CAPTCHA exactly, or fulfils the condition it specifies, the user is considered to be a genuine human user and is allowed to submit the form or request.
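The check described above, sketched as server-side code. This is an added example, not code from the original page; the alphabet, the 120-second lifetime, the single-use handling and the names `CaptchaStore` and `handle_form` are assumptions made for illustration.

```python
import hmac
import secrets
import time

# Assumed parameters (not from the page): alphabet, length, lifetime.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no look-alikes such as O/0, I/1
LENGTH = 6
TTL_SECONDS = 120


class CaptchaStore:
    """Keeps the expected answer on the server, keyed by an opaque challenge id."""

    def __init__(self, clock=time.monotonic):
        self._pending = {}   # challenge_id -> (answer, expires_at)
        self._clock = clock

    def issue(self):
        """Create a challenge; only the id and the rendered text go to the client."""
        answer = "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = (answer, self._clock() + TTL_SECONDS)
        return challenge_id, answer  # a real form renders `answer` as a distorted image

    def verify(self, challenge_id, response):
        """Return True only for a correct, unexpired, not-yet-used challenge."""
        # pop() makes every challenge single-use, whether the guess is right or wrong
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return False
        answer, expires_at = entry
        if self._clock() > expires_at:
            return False
        # constant-time comparison of the normalised response
        return hmac.compare_digest(response.strip().upper().encode(), answer.encode())


def handle_form(store, challenge_id, response, form):
    """Process the pre-login form only after the CAPTCHA check passes."""
    if not store.verify(challenge_id, response):
        return "rejected"
    return "accepted"  # placeholder for storing `form`


if __name__ == "__main__":
    store = CaptchaStore()
    cid, text = store.issue()
    print(handle_form(store, cid, text, {"user": "alice"}))   # accepted
    print(handle_form(store, cid, text, {"user": "alice"}))   # rejected (replay)
```

Keeping the answer only on the server and discarding it after one attempt means a solved challenge cannot be reused to submit the form repeatedly.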
Why is CAPTCHA important?
Implementing CAPTCHA helps prevent spam form submissions that may lead to DoS or buffer overflow attacks. Normally, forms on pre-login pages, such as a 'create user' form, do not require user authentication. However, these forms get stored on the server. Attackers take advantage of this fact and use a bot to submit multiple requests, causing a DoS attack or a buffer overflow attack, which may slow the website down or eventually crash it. To prevent such attacks, CAPTCHA is implemented on pre-login pages.
How to implement CAPTCHA?
The following points should be considered while implementing CAPTCHA: