ShieldSquare is now Radware Bot Manager

ShieldSquare is now Radware Bot Manager

How CAPTCHA Is Used To Block Bots, And Why We Do Not Recommend Using It

What are bots

The Completely Automated Turing test to tell Computers and Humans Apart (CAPTCHA) was introduced to differentiate between genuine users and bots that have a negative impact on your online business. A CAPTCHA can protect your website by generating tests or puzzles that humans can pass, but bots can’t. Early CAPTCHAs displayed distorted letters, numbers, and words which can be read by humans but not by bots. Later versions show an assortment of images, from which users must select all the images that show a particular object such as a storefront or traffic signals. While they have proven to be useful in the battle against bots, it is essential to know when to use and when not to use them.

How and Where CAPTCHA is Used

To prevent comment spam

Malicious bots spam your website forms with unwanted messages and advertisements. They interfere in genuine user interactions and frustrate your users. If you have a website targeting a particular audience and you make use of comment forms, enabling CAPTCHA is one of the basic ways to prevent comment spamming to an extent. The downside is that it is presented to both genuine users and bots.

To stop fake registrations

Online businesses use forms for registration and signups and to provide services to their users. Bots usually target such forms and fill them with junk information, which skews the acquisition flow metrics for the business. CAPTCHA is usually implemented to stop such spam registrations from bots, but there are certain sophisticated bots that do bypass CAPTCHA and end up spamming forms.

Why You Should Avoid Using CAPTCHAs to Block Bots

Poor user experience

CAPTCHAs can be sometimes be time consuming and challenging, especially those with more complicated challenges such as text or image identification, which have earned notoriety for annoying users. Users may potentially switch to websites without CAPTCHAs due to frustration.

Not a foolproof remedy against bots

CAPTCHAs may protect your website from less sophisticated bad bots but resorting to CAPTCHAs to address the bot problem is not the best way. CAPTCHAs don’t distinguish between genuine users from bots, and indiscriminately require every visitor to solve them.

Alternatives to CAPTCHA

While it’s true that CAPTCHAs do block simple bots from spamming your website, advanced bots have started bypassing them by using outsourced teams that can even solve them in real-time. The most practical and least intrusive implementation would be to use an automated bot prevention solution that displays a CAPTCHA only when required to block bots. In-house bot detection tools require a lot of time and effort to run, but end up being ineffective due to constantly-evolving bot technologies and attack methods, making it a futile game of whack-a-mole.

More importantly to businesses, in-house solutions generally produce a high number of false positives (mistaking humans for bots) which leads to a poor user experience. Based on the nature and sophistication of bots, webmasters can choose to handle them in other ways including outright blocking, feeding them fake data, throttling or terminating their session, and dropping the connection entirely, among other options.

Related Content



Sorry Google, No CAPTCHA reCAPTCHA doesn't stop bots



Why In-house Bot Detection Fails Online Businesses



The Ultimate Guide to Bot Management


Powered by Think201