OpenCaptcha is an open source, user-friendly, privacy-focused captcha. Currently in pre-alpha.
- Simple to install
- Apply the minimum possible inconvenience to users (https://nearcyan.com/you-probably-dont-need-recaptcha/)
- Respect privacy
- OpenCaptcha is as easy to install as ReCaptcha/hCaptcha
- Depending on your needs, you may configure OpenCaptcha for different level of challenges. The simplest challenges do not require user input.
OpenCaptcha can automatically ramp up difficulty during suspected bot activity or traffic spikesTODO- You can self-host OpenCaptcha so that your user data remains safe with you
You may try out the captcha at https://opencaptcha.lohjine.com
See concepts.md
Current available hosted services:
-
Register at hosted service to obtain a SITE-KEY and SITE_SECRET, as well as configure settings.
-
Add the following two elements to the page/form that you want to protect (e.g. account creation)
<head>
<script src="<URL>/opencaptcha.js"> </script>
</head>
<form>
<div id="opencaptcha" data-site-key="<SITE-KEY>"> </div>
</form>
2.5. On Captcha success, OpenCaptcha adds a field "opencaptcha-response" into your form, this contains an OpenCaptcha response token.
- In your form validation code, send a POST request to /verify with the following parameters:
- response (required): OpenCaptcha response token that was submitted
- site_secret (required): Your SITE_SECRET
The endpoint will return a JSON with the following two fields:
- success (boolean)
- error (string/null) : If success is False, then error will be a string. Possible error strings can be found in flask_core.py
git clone https://github.com/lohjine/opencaptcha
cd opencaptcha
# Edit settings.ini and redis.conf as necessary
vim settings.ini
vim redis.conf
# (Optional, Recommended) Set up python virtualenv and activate it
pip3 install virtualenv && virtualenv venv
source venv/bin/activate
# If Redis backend is desired:
## Set up Redis
bash scripts/setupredis.sh
## Start Redis
bash scripts/startredis.sh
# Install python requirements
pip3 install -r requirements.txt
# Start server.py
python3 server.py &
# Serve app in flask_core.py using your web application stack
# For a wsgi/nginx example, refer to https://www.digitalocean.com/community/tutorials/how-to-serve-flask-applications-with-uswgi-and-nginx-on-ubuntu-18-04
# Or in dev mode, run:
# python3 flask_core.py
# Proceed with step 2 of Installation section above
Additional requirements for challenge level 7
sudo apt install ffmpeg
# Ensure that ffmpeg is added to PATH
# Place suitable animal/background audio files in challenges/7/audio
# A small set of video files obtained from Pexels are provided.
# A small set of audio files obtained from Zapsplat and Freesound are provided.
# Pre-process challenge 7 videos/audio
python scripts/preprocess_challenge_7.py
python scripts/preprocess_audio_challenge_7.py
# Place videos in challenges/7/videos
# Allow server.py to be executed and wait for it to generate challenge 7 images, before running flask_core.py
- Implement challenges for higher difficulties (>= 8)
- IP rate-limiting
- More sophisticated bot detection techniques
- Style elements to look nicer / UX
Discussions/feedback on the usefulness of current challenges and suggestions for improvements or more challenges are welcomed. Please open an issue for it.
If you maintain a website with sizable bot traffic and are willing to test dev changes, please do reach out!