CAPTCHA AFTER module released!

CAPTCHA After module brings solution to the problem of evaluating security images (commonly known as CAPTCHAs) without decreasing the usability of your site.

Recently we had an interesting request in the project  Natropolis.net. Since the site has a lot of community interaction and some interesting staff of content access control through Organic Groups, it was necessary to protect the website from spammers and spam boots. Therefore, installation of the CAPTCHA module was a natural choice: CAPTCHA is forcing a user to evaluate (for instance) an image representing a short text snippet and to enter that text over keyboard. An example of an CAPTCHA Image can be seen here:

This is a commonly used method for preventing a site to be flooded with automatically created entries, since the computer have certain difficulties in recognizing the letters written this way. On the contrary, human visitors should be capable of doing the same job without problems.

However, it seems that some people actually have difficulties with the usage CAPTCHA. At the very end, this requires that users of the site must spend some extra time with evaluation of the CAPTCHA image. That alone can be a trigger for them to leave the web site – which should be prevented. On the other side, disabling the CAPTCHA protection totally invites site visitors with malicious intentions.  

CAPTCHA After module brings those two requirements in the balance: it allows human visitors to fill the web form with input data without evaluating the CAPTCHA image. If however malicious software (or user) is to be suspected because the total number of submitted forms, the CAPTCHA will be activated.

The administrator of the site has several capabilities when it comes to fine tuning of the “suspicious” situation:

1. CAPTCHA After  can be activated only for selected forms on the site. Remember that only forms protected through the CAPTCHA can also be configured further through the CAPTCHA After
2. CAPTCHA After has also several thresholds that model different scenarios with malicious site visitors, targeting humans and automatic spam boot programs:
   1. CAPTCHA After submit threshold: Number of times a user (based on Session ID) is permitted to submit non-valid data into the form before starting to protect form with CAPTCHA. Enter 0 to disable CAPTCHA After functionality.
   2. CAPTCHA flooding threshold: Number of times a visitor (identified through hostname/IP) is allowed to submit a protected form during one hour before starting to protect form with CAPTCHA. This is useful for protecting against repeated (but valid) submissions. Enter 0 to disable this behavior.
   3. CAPTCHA global flooding threshold: Number of times ALL site visitors are allowed to submit a protected form within an hour before starting to protect form with CAPTCHA. This is useful for protecting against flooding from multiple IPs. Enter 0 to disable this behavior.  

I hope that you will find the CAPTCHA After module useful. The module itself and further documentation can be found here:

http://drupal.org/project/captcha_after