Useful Information
This page contains several articles copied directly from different web-sites. I have done this because the articles are very informative and presented in a clear and easy to read manner. Each article that I have used contains a direct link at the beginning to the original web-site.
If you want an answer to a question that is not here feel free to contact me.
Choosing A Domain Name
Domain Name Information
The first thing you need to do when creating a website is to get your own domain name. Don't know what that is, why you need it or how to get one? This page contains all of that domain name information and more.
What is a Domain Name?
A domain name is your internet website address. It's what comes after the www. in www.domain-name.com.au. This is what customers and visitors type into their browser to find your web-site. The domain name for this site is www.aasitedesigns.com.
A domain name can be any combination of letters and/or numbers up to 63 characters. The official domain name extensions are .com, .net, .org, .biz, .info, and .ws. There are also other extensions like .tv and .tk but don't waste your time with those. Stick with a recognized one.
Country Domain Name Suffix
You can also add a country suffix to your domain name to show where you are located (.au, .us, .uk, .jp etc.). If you are unsure what to use then use either the one for your own country or a .com.
How to Choose a Good Domain Name
Here is some information and tips to help you select the best domain name for you.
Keep it Short, Sweet and Simple (KISSS):
- Short. The shorter, the better. It's best to keep your domain name less than 15 characters if possible. A shorter name is easier for people to remember and it also reduces the likelihood that your visitor will mistype it or spell it wrong. For example, BuyIt.com has a lot less chance of being mistyped than isellthispleasebuyitfrommetoday.com.
- Sweet. The more memorable the name, the easier it is for people to remember. You can have the best site in the world, but if people can't remember your domain name it will cut down on your return visitors. It's hard enough to get traffic on the web without "losing" visitors that want to come back but can't find you.
- Simple. Make sure the domain name is easy for people to spell. Don't spell words unusually. Unless you have incredible branding, people will type in the common spelling of your domain and your competition will get visitors who were looking for you. For example, BlueRight.com is much better than BluRite.com.
Choose a domain name that reflects your business. Don't just choose a random name. For example, if you sell horse supplies, you should choose a name that has the words "horse supplies" in it, such as YourHorseSupplies.com. Or, your domain name should refer to horses in some way, like whoa.com. The former will help you in the search engines. The latter will be memorable.
When in doubt, choose a .com. If you are debating between several different domain names, go with the .com. It's what most people think of when they are typing in a domain name. It's true the best names are gone, but you can still find a good .com if you look. Thousands of .coms expire and are released back in the market each month so there is always a steady supply of new domains coming into the market.
Special tip: If you can afford it, you may also want to get your name followed by .com along with whatever domain name you decide to get. I think the way the internet is going it is smart to do and you will be very glad you have it later on.
Best Place to Get a Domain Name
Some people try to save money and get a freebie website and domain name. I'm all for free whenever possible, but free websites and domain names just aren't worth it. Click here for information on why it's better to pay.
I get my domain names from Act Now Domains. I think they are super. They only charge $12.75 for 1 year domain name registration which is pretty cheap and they are really reliable. I have over 200 domain names there.
I've tried a couple of other places but never could get help when I needed it with those places. Act Now Domains has people available 24 hours a day by phone and email. Plus, it's just really easy to use.
Here's a price comparison so you can see how their prices compare to others:
|Act Now Domains||$12.75|
Update: All domain registrars are now required to charge $0.22 for every domain registration, transfer and renewal. This is something the organization that controls domain registrations is making them do. This fee is added when you checkout so don't be surprised if you see it. The registrar isn't trying to scam you or make you pay extra. It's a fee everyone has to pay and the registrars have to charge it.
How to Get a Domain Name
All you need to do to get a domain name is go to the registrar you want to use. They will have a search box. Just type the domain name you want in the search box and it will tell you if the domain is available.
If it is, just follow the steps and pay for it. If it isn't, search for another name. You can use their search tool to find variations of the domain name. It may take you a bit of time to find the one you want, but keep looking and you will.
Generic Top Level Domains
A top level domain name is the bit at the end of your domain name. It is generally used to describe/classify the type of domain that you have. Below is a small list of some of the available top level domain types.
- The .aero domain is reserved for members of the air-transport industry and is sponsored by Société Internationale de Télécommunications Aéronautiques (SITA).
- The .asia domain is restricted to the Pan-Asia and Asia Pacific community and is operated by DotAsia Organisation.
- The .biz domain is restricted to businesses and is operated by NeuLevel, Inc.
- The .cat domain is reserved for the Catalan linguistic and cultural community and is sponsored by Fundació puntCat.
- The .com domain is operated by VeriSign Global Registry Services.
- The .coop domain is reserved for cooperative associations and is sponsored by Dot Cooperation LLC.
- The .info domain is operated by Afilias Limited.
- The .jobs domain is reserved for human resource managers and is sponsored by Employ Media LLC.
- The .mobi domain is reserved for consumers and providers of mobile products and services and is sponsored by mTLD Top Level Domain, Ltd.
- The .museum domain is reserved for museums and is sponsored by the Museum Domain Management Association.
- The .name domain is reserved for individuals and is operated by Global Name Registry.
- The .net domain is operated by VeriSign Global Registry Services.
- The .org domain is operated by Public Interest Registry. It is intended to serve the noncommercial community, but all are eligible to register within .org.
- The .pro domain is restricted to credentialed professionals and related entities and is operated by RegistryPro.
- The .tel domain is reserved for businesses and individuals to publish their contact data and is sponsored by Telnic Ltd.
- The .travel domain is reserved for entities whose primary area of activity is in the travel industry and is sponsored by Tralliance Corporation.
- Registrations in the domains listed above may be made through dozens of competitive registrars. For a list of the currently operating accredited registrars, go to the InterNIC site. Information about becoming an accredited registrar is available on the ICANN site.
- The .gov domain is reserved exclusively for the United States Government. It is operated by the US General Services Administration.
- The .edu domain is reserved for postsecondary institutions accredited by an agency on the U.S. Department of Education's list of Nationally Recognized Accrediting Agencies and is registered only through Educause.
- The .mil domain is reserved exclusively for the United States Military. It is operated by the US DoD Network Information Center.
- The .int domain is used only for registering organizations established by international treaties between governments. It is operated by the IANA .int Domain Registry.
Additionally, there are the country locations that can be added to the end of the top level domains (such as .au for Australia, .nz for New Zealand etc.).
Australian (.au) Domain Names
Anyone can register most domain names like .com, .net or .biz, but there are some rules for Australian domains like .com.au. All domain names ending in .au are registered for 2 years.
.com.au & .net.au
To register a .com.au or .net.au domain name you must be an Australian registered company, or business with a registered business number (ABN, BRN, BN).
The licence requirements for a .com.au and .net.au domain name require your business to be registered for business in Australia. This means that you have to register your business or company name with one of the official Government Authorities (such as ASIC, State Dept. of Fair Trading), or alternatively obtain an Australian Business Number (ABN) from the ATO.
The domain name you order should either be:
- an exact match, or
- an acronym or abbreviation of the supplied business registration, or
- it should bear a close and substantial connection to the domain name.
For example, the Ford Motor Company would be reasonably entitled to own:
Domains can be 2 to 63 letters, and words can be separated by hyphens, but not spaces.
.au.com, .com, .biz, .net, .info, .org
These domain names are not restricted or regulated by .au Policy Rules. They are therefore policy free and anyone can register any domain name. If you own a company name, or a trademark, register an .au.com domain name to prevent anyone else registering that name.
.org.au & .asn.au
To qualify for these domains your organisation must be a "non-commercial organisation".
The domain name you register should have a solid relationship to the organisation which it represents.
For example, the Salvation Army are reasonably entitled to own:
Especially designed for individuals, who reside in Australia. You may register ANY personal name by which you are known.
For example, John Howard would be reasonably entitled to own:
Cheap, affordable, commercial web hosts
I use www.Fazewire.com because it:
- has a large hosting size (starting at 500mb),
- has good support,
- uses cpanel,
- allows you to bypass firewalls to access the control panel, and
- has many installable web applications.
I have also included a small article about finding a suitable web-hosting service.
I strongly recommend that you read the article How to Choose a Web Host before committing yourself to any web host. You can also find my personal favourites (with a review of those hosts) in my FAQ: Which Web Host Do You Recommend?.
The information provided on this page comes without any warranty whatsoever. Use it at your own risk. Just because a program, book, document or service is listed here or has a good review does not mean that I endorse or approve of the program or of any of its contents. All the other standard disclaimers also apply.
Free Web-Site Hosting Plans
"Free website hosting plans" are a type of web hosting service where you get free web space on their hosting server to create and host your web site free. Free web page hosting has several advantages, but mainly that it costs nothing (no money and no credit cards needed). Free web site hosting services also often have several disadvantages (though a few actually surpass some of the cheapest paid hosting servers in some features), such as limited webhosting features and forced ads. Usually in exchange for these free hosting services, the free web hosting company places advertisements on your free web pages of some sort (banners, textlinks, popups, etc.) to cover their costs, and hopefully make a profit.
However there are some free website hosts that provide free bannerless hosting (no ads, no popups, and no advert of any kind), so they make money in other ways, such as displaying ads for the webmaster to click in their control panel, sending email ads, or requiring forum posting (which of course displays ads, as well as causing you to create free website content for them). Other free web page hosts offer very limited services (such as limited web page space, bandwidth limit, and no scripting) to attract users and hope that many people upgrade to a paid webhosting service.
Many free website hosts provide a subdomain or sub-directory of their own domain name instead of (or as an option alongside) allowing users to host their own top-level domain name free. Most free webpage hosting providers have proven over the years to be unreliable servers, but most of the free hosts listed on this web site have been in service several years, so are more reliable than most newer free hosts.
Free Web Hosting Tips
This article is from: http://www.free-webhosts.com. This is a very good website and there is much more useful information on it than is displayed here.
Can you really get FREE web hosting?
Yes, there are hundreds of free hosting web sites, as far as not having to pay any money to have your website hosted. Generally they either cost you in time, web hosting restrictions, or modifying your free web pages by adding popups, banners, or other adverts. When looking for free web hosting (especially on search engines), you should beware that there are also a large number of commercial web hosts that claim to offer free hosting services, but those often have a catch, such as paying an excessive amount for a domain name or other service, and therefore aren't really free. The free hosting guide below will give you some tips for finding the right free webhosting company for you.
How do the free web hosts make money?
The free website hosts often make money in other ways, such as putting banners, popups, or popunders ads on your free webpages. Some free web hosting companies do not put ads on your site, but require you as the webmaster to click on banners in their control panel or signup process, or just display banners in the file manager in hopes you will click them. Some lure visitors with free hosting in hopes you will upgrade and pay for advanced features. A few send you occasional emails with ads, or may even sell your email address. A new method that is becoming popular is requiring a certain number of "quality" forum posting, usually as a means of getting free content for them and thereby being able to display more ads to their website visitors.
Are free web hosts reliable?
Generally no, although there are a few exceptions. If the free host is making money from banner ads or other revenue sources directly from the free hosting service, then they likely will stay in business, provided someone doesn't abuse their web hosting server with spam, hacking, etc., as often happens to new free web hosting companies with liberal signup policies. If the freehost accepts just anyone, especially with an automated instant activation and it offers features such as PHP or CGI, then some users invariably try to find ways to abuse it, which can cause the free server to have a lot of downtime or the free web server to be slow. It is best if you choose a very selective free hoster which only accepts quality sites (assuming you have one).
Uses for free webspace
Free web hosting is not recommended for businesses unless you can get domain hosting from an ad-free host that is very selective. Other reasons for using free hosting websites would be to learn the basics of website hosting, have a personal website with pictures of your family or whatever, a doorway page to another web site of yours, or to try scripts you have developed on different web hosting environments.
How to find the right free web hosting site
The best place to search for free webhosting is on a free webspace directory website (i.e. a web site which specializes in listing only free web hosting providers). There are some which add new free hosts pretty much every week (and if it is updated often, has usually had to delete about as many). There are also many which almost never update their web site, and a huge percent of their links and info are outdated. Unfortunately that includes most of the directories that were the best several years ago. The problem is free hosts change so often, and most fold up in less than a year (often even after only a day or two), that it is hard to keep such a freehosting directory up-to-date. The most recommended free web space directory is Free Web Hosting (http://www.free-webhosts.com/), which has a detailed list of over 500 free web hosting providers with user reviews, ratings, and free hosting searchable database. It is updated daily, and the advanced free web hosting search has 42 options, helping you to find the free hosting package with all the features you need, such as CGI, PHP, MySQL, ASP, SSI, Ruby on Rails, FrontPage server extensions, and even free cpanel web hosting.
For a smaller, more selective list of the best free hosts, there are also these free webspace hosting directories:
- Best Free Webspace (http://www.100-Best-Free-Webspace.com/)
- Free Hosting (http://www.Absolutely-Free-Hosting.com/)
- Free Webspace (http://www.free-webspace.org/)
Other (usually less useful) resources include subcategories of freebies sites, search engines and directories, and forums. Your ISP might also supply you with free webhosting.
Hints for finding the best free web hosting service
Generally it is best not to choose a free hosting package with more features than you need, and also check to see if the company somehow receives revenue from the free hosting itself to keep it in business. As already mentioned, it is best to try to get accepted to a more selective free host if possible. Look at other sites hosted there to see what kind of ads are on your site, and the server speed (keep in mind newer hosts will be faster at first). Read the Terms of Service (TOS) and host features to make sure it has enough bandwidth for your site, large webspace and file size limit, and any scripting options you might need. Read free webspace reviews and ratings by other users on free hosting directories. If you don't have your own domain name, you might want to use a free URL forwarding service so you can change your site's host if needed.
Recommended free web hosts
It would be awfully hard to recommend any free web space host and someone not like it, as different people need different web hosting features and have different priorities, and the webhosting quality may change over time. Also some people want free domain hosting (you own the domain), and others might not be able to buy a domain name. Here are some of the most recommended free web hosts, and their main features.
50Webs (http://www.50webs.com/) gives you a URL such as http://you.50webs.com/ (or you can use your own domain name), and offers 60 MB webspace, POP3 email, and unlimited bandwidth. You can upload via a file manager or FTP import. There are no ads or popups placed on your hosted web pages. You can set up multiple addon domains and subdomains under the same web hosting account.
Yahoo Geocities (http://geocities.yahoo.com/home/) is controversial. Many people hate the ads they put on your site or its other limitations, but it is one of the oldest and most reliable free web hosts. Your URL looks like http://www.geocities.com/you . They give you 15 MB webspace, file manager and editor, web-based Email, and statistics. The bandwidth limit is 3 GB/month, and the file size limit is 5 MB. You can upload several file types such as RealAudio, RealVideo, Flash, MP3, and Java, but other scripting is not supported.
Copyright © 2003-2007 Free-Webhosts.com: This article is free content for reproduction in websites, newsletters, ebooks, CDs, or other media, but MUST be reproduced in its entirety, including all links and this copyright statement. It may NOT be modified other than formatting changes. It may NOT be used in any connection with SPAM or by media advertised by such. See Free-Webhosts.com for updates of this free content article, and its availability in other file types.
Blogs, Forums and Guestbooks
Many people want to have blogs, forums and guestbooks on their web-sites. They provide a way for people to communicate with each other, solve problems or express their opinions.
Forums
Forums are generally used to help solve technical problems or allow an open discussion of opinions. People enter an opinion or problem in either a public or private forum and await the various replies.
Blogs
The word blog is short for web-log. Blogs are essentially an on-line diary that others can read and add their comments to. They can be used by companies (to make announcements or display articles) and by individuals and groups to tell everybody what they have been doing, are doing and are going to do.
Twitter, a new form of micro-blog, has recently become popular. Its blogs are limited to 140 characters. This can also be set up on your web-site.
Guestbooks
Guestbooks allow people to leave messages for others to read about your web-site, their quality of service, suggestions and criticisms. If you adjust and improve your web-site based on these comments then your overall business is more likely to improve as well.
Spammers
The main disadvantage of blogs, forums, guestbooks and contact forms is that spammers can add their spam messages to them. For this reason a technique called "Image verification" (known as CAPTCHA) is becoming more popular. This stops the automated programs (bots) that spammers use to spam web-sites. It does not stop a spammer manually adding a spam message. Please read more about CAPTCHA in the next section.
How do I get a blog, forum and/or guestbook
Many web-hosts actually have them ready to install for free (as on www.Fazewire.com). Also, there are plenty of web-sites where you can purchase (or download free) these blogs, forums or guestbooks.
• Intuitive, graphical view of community opinion
• Enable you to express opinions quickly and easily
• Collection of valuable data about your audience's tastes and preferences
• Seeing how other people rate the components of your site
• Enabling dynamic discovery based on community opinion
How do these services work
These services work as follows:
- You create an account with their web-site.
- You create a page on your web-site that links to your account on the free Guestbook/Blog web-site.
To update the Guestbook/Blog you either:
- log in through your Guestbook/Blog pages on your web-site, or
- log in directly through the Guestbook/Blog web-site.
When someone accesses your Guestbook/Blog on your web-site, your web-site sends a message to the free Guestbook/Blog web-site asking it to send the information in your account, and displays it on your web-site. Any changes made to your guestbook/blog pages (information that is added, deleted or changed) are sent to the free Guestbook/Blog web-site. All of your information is stored on the free Guestbook/Blog web-site.
eCommerce/eBusiness
There are many types of "E-Commerce solutions". However, generally no matter which solution you choose you will pay either a commission or a monthly fee. If you are just starting your business and are not making many sales you may choose to use a commission service. If you are making a lot of sales you may choose to use a service that charges a monthly fee.
Services that charge a commission include services like paypal.
Services that charge a monthly fee include services like e-junkie.
e-Junkie
The following details have been taken directly from the e-junkie web-site.
E-junkie provides shopping cart and buy now buttons to let you sell downloads and tangible goods on your website.
For merchants selling downloads, e-junkie automates and secures the digital delivery of files and codes. If you are selling tangible goods, e-junkie automates the shipping calculation and inventory management. Their shopping cart has a built in sales tax, VAT, packaging and shipping cost calculator.
You can sell ebooks, sell mp3 tracks and albums, sell software, icons, fonts, artwork, phone cards, event tickets, cds, posters, books, t-shirts and almost everything else you want to sell.
E-junkie has no transaction limit, no bandwidth limit, no setup fee and no transaction fee.
E-junkie will store and deliver your files and code automatically. Buyers get secure product download immediately after a successful payment.
Up-to-date pricing for e-junkie can be obtained from: http://www.e-junkie.com/ej/pricing.php
|Number of products||Hosting Space (MB)||Cost per month (US $)|
Meta-Tags
Meta-tags are little bits of information at the start of each web-page. These bits of information are used by the search engines when they visit the web-site to rate the web-site as well as the individual pages. Below are some examples of the kinds of tags normally used in web-sites.
|description||Description of web page|
|keywords||List your keywords here|
Google position on meta tags Improve-snippets-with-meta-description
Yahoo position on meta tags Yahoo Search Engine Ranking
Search Engine Submission
How to submit your web-site to search engines
Once your web-site has been completed and uploaded to your server you will want it to appear on search engines as soon as possible. Of the many different search engines used today the majority of people only use a few of them. These include:
- www.dogpile.com This is a meta search engine (a meta search engine searches other search engines)
Even if you do absolutely nothing then your web-site will eventually get listed by search engines. They have programs called 'Robots' that do this. However, if you want to speed up the process then submitting your web-site to a search engine is very easy and only takes a few minutes. For example if you want to submit your web-site to www.google.com all you have to do is:
- go to www.google.com
- enter something like "www.google.com add url" or "www.google.com submit website" into a search engine
- follow the instructions to submit your web-site.
Do this for all of the search engines that you want to submit your web-site to and wait for them to be listed. It could take around six weeks or so from the time that your web-site is submitted for the major search engines to list your site. There are companies that will get your web-site submitted and on web-sites within a few days but they charge a hell of a lot of money for this service. If you are willing to wait a few weeks it will happen for free.
CAPTCHA: Telling Humans and Computers Apart Automatically
© 2000-2007 Carnegie Mellon University, all rights reserved.
The term CAPTCHA (for Completely Automated Public Turing Test To Tell Computers and Humans Apart) was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford of Carnegie Mellon University. At the time, they developed the first CAPTCHA to be used by Yahoo.
Get a Free CAPTCHA For Your Site
A free, secure and accessible CAPTCHA implementation is available from the reCAPTCHA project. Easy to install plugins are available for WordPress, MediaWiki, PHP, Perl, Python, and many other environments. reCAPTCHA also comes with an audio test to ensure that blind users can freely navigate your site.
New: Help Us Build Audio CAPTCHAs
We are building audio CAPTCHAs to help blind people in many languages. If your native language is not English, you can help us by recording your voice.
Test Drive a CAPTCHA
- reCAPTCHA. Stop spam and help digitize books at the same time! The words shown come directly from old books that are being digitized.
- ESP-PIX. A CAPTCHA script that's close to our hearts. Instead of typing letters, you authenticate yourself as a human by recognizing what object is common in a set of images. This was the first example of a CAPTCHA based on image recognition.
Applications of CAPTCHAs
CAPTCHAs have several applications for practical security, including (but not limited to):
- Preventing Comment Spam in Blogs. Most bloggers are familiar with programs that submit bogus comments, usually for the purpose of raising search engine ranks of some website (e.g., "buy penny stocks here"). This is called comment spam. By using a CAPTCHA, only humans can enter comments on a blog. There is no need to make users sign up before they enter a comment, and no legitimate comments are ever lost!
- Protecting Website Registration. Several companies (Yahoo!, Microsoft, etc.) offer free email services. Up until a few years ago, most of these services suffered from a specific type of attack: "bots" that would sign up for thousands of email accounts every minute. The solution to this problem was to use CAPTCHAs to ensure that only humans obtain free accounts. In general, free services should be protected with a CAPTCHA in order to prevent abuse by automated scripts.
- Protecting Email Addresses From Scrapers. Spammers crawl the Web in search of email addresses posted in clear text. CAPTCHAs provide an effective mechanism to hide your email address from Web scrapers. The idea is to require users to solve a CAPTCHA before showing your email address. A free and secure implementation that uses CAPTCHAs to obfuscate an email address can be found at reCAPTCHA MailHide.
- Online Polls. In November 1999, http://www.slashdot.org released an online poll asking which was the best graduate school in computer science (a dangerous question to ask over the web!). As is the case with most online polls, IP addresses of voters were recorded in order to prevent single users from voting more than once. However, students at Carnegie Mellon found a way to stuff the ballots using programs that voted for CMU thousands of times. CMU's score started growing rapidly. The next day, students at MIT wrote their own program and the poll became a contest between voting "bots." MIT finished with 21,156 votes, Carnegie Mellon with 21,032 and every other school with less than 1,000. Can the result of any online poll be trusted? Not unless the poll ensures that only humans can vote.
- Preventing Dictionary Attacks. CAPTCHAs can also be used to prevent dictionary attacks in password systems. The idea is simple: prevent a computer from being able to iterate through the entire space of passwords by requiring it to solve a CAPTCHA after a certain number of unsuccessful logins. This is better than the classic approach of locking an account after a sequence of unsuccessful logins, since doing so allows an attacker to lock accounts at will.
- Search Engine Bots. It is sometimes desirable to keep webpages unindexed to prevent others from finding them easily. There is an html tag to prevent search engine bots from reading web pages. The tag, however, doesn't guarantee that bots won't read a web page; it only serves to say "no bots, please." Search engine bots, since they usually belong to large companies, respect web pages that don't want to allow them in. However, in order to truly guarantee that bots won't enter a web site, CAPTCHAs are needed.
- Worms and Spam. CAPTCHAs also offer a plausible solution against email worms and spam: "I will only accept an email if I know there is a human behind the other computer." A few companies are already marketing this idea.
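The "Preventing Dictionary Attacks" item above, as an added example that is not part of the original article: a login gate that demands a CAPTCHA after repeated failures instead of locking the account. The class name, the threshold of 3 and the `captcha_solved` flag (the verdict of whatever CAPTCHA service the site uses) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

CAPTCHA_AFTER_FAILURES = 3  # assumed threshold; the article only says "a certain number"


def hash_password(password, salt):
    # Slow, salted hash so stored credentials are not plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGate:
    """Counts failed logins per account and requires a CAPTCHA instead of locking."""

    def __init__(self):
        self._users = {}     # username -> (salt, password hash)
        self._failures = {}  # username -> consecutive failed attempts

    def add_user(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, hash_password(password, salt))

    def captcha_required(self, username):
        return self._failures.get(username, 0) >= CAPTCHA_AFTER_FAILURES

    def login(self, username, password, captcha_solved=False):
        """Return 'ok', 'denied' or 'captcha_required'."""
        if self.captcha_required(username) and not captcha_solved:
            # The password is not examined at all, so a bot gets no further
            # guesses without a human solving a challenge for each one.
            return "captcha_required"
        # Unknown usernames go through the same hashing and counting path,
        # so the response does not reveal which accounts exist.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        candidate = hash_password(password, salt)
        if username in self._users and hmac.compare_digest(candidate, stored):
            self._failures.pop(username, None)  # success resets the counter
            return "ok"
        self._failures[username] = self._failures.get(username, 0) + 1
        return "denied"


def demo():
    """Constructed scenario: a guessing bot, then the real account owner."""
    gate = LoginGate()
    gate.add_user("alice", "correct horse")  # constructed sample account
    guesses = ["123456", "password", "qwerty", "letmein", "correct horse"]
    bot = [gate.login("alice", guess) for guess in guesses]
    # The owner is never locked out: solving the CAPTCHA restores access.
    owner = gate.login("alice", "correct horse", captcha_solved=True)
    return bot, owner


if __name__ == "__main__":
    print(demo())
```

With a lockout policy the same five guesses would have denied the owner access; here they only cost the owner one CAPTCHA.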
If your website needs protection from abuse, it is recommended that you use a CAPTCHA. There are many CAPTCHA implementations, some better than others. The following guidelines are strongly recommended for any CAPTCHA code:
- Accessibility. CAPTCHAs must be accessible. CAPTCHAs based solely on reading text — or other visual-perception tasks — prevent visually impaired users from accessing the protected resource. Such CAPTCHAs may make a site incompatible with Section 508 in the United States. Any implementation of a CAPTCHA should allow blind users to get around the barrier, for example, by permitting users to opt for an audio or sound CAPTCHA.
- Image Security. CAPTCHA images of text should be distorted randomly before being presented to the user. Many implementations of CAPTCHAs use undistorted text, or text with only minor distortions. These implementations are vulnerable to simple automated attacks.
- Script Security. Building a secure CAPTCHA code is not easy. In addition to making the images unreadable by computers, the system should ensure that there are no easy ways around it at the script level. Common examples of insecurities in this respect include: (1) Systems that pass the answer to the CAPTCHA in plain text as part of the web form. (2) Systems where a solution to the same CAPTCHA can be used multiple times (this makes the CAPTCHA vulnerable to so-called "replay attacks"). Most CAPTCHA scripts found freely on the Web are vulnerable to these types of attacks.
- Security Even After Wide-Spread Adoption. There are various "CAPTCHAs" that would be insecure if a significant number of sites started using them. An example of such a puzzle is asking text-based questions, such as a mathematical question ("what is 1+1"). Since a parser could easily be written that would allow bots to bypass this test, such "CAPTCHAs" rely on the fact that few sites use them, and thus that a bot author has no incentive to program their bot to solve that challenge. True CAPTCHAs should be secure even after a significant number of websites adopt them.
- Should I Make My Own CAPTCHA? In general, making your own CAPTCHA script (e.g., using PHP, Perl or .NET) is a bad idea, as there are many failure modes. We recommend that you use a well-tested implementation such as reCAPTCHA.
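The two script-level flaws named under Script Security, avoided in a small server-side store (an added example, not code from the original article). The form carries only a random id, never the answer, and each challenge is consumed on its first verification attempt, so a replayed solution fails. The `ChallengeStore` class, the 120-second lifetime and the case-insensitive comparison are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 120  # assumed lifetime of an unanswered challenge


class ChallengeStore:
    """Keeps CAPTCHA answers on the server; the form only carries an opaque id."""

    def __init__(self, clock=time.monotonic):
        self._pending = {}  # challenge id -> (answer digest, expiry time)
        self._clock = clock

    @staticmethod
    def _digest(answer):
        # Assumption: answers are compared case-insensitively, ignoring outer spaces.
        return hashlib.sha256(answer.strip().lower().encode()).digest()

    def issue(self, answer):
        """Register the text drawn into the image; return the id to put in the form."""
        challenge_id = secrets.token_urlsafe(16)  # random, reveals nothing about the answer
        self._pending[challenge_id] = (self._digest(answer), self._clock() + TTL_SECONDS)
        return challenge_id

    def verify(self, challenge_id, response):
        """True at most once per challenge: the entry is consumed on every attempt."""
        entry = self._pending.pop(challenge_id, None)  # pop first, so a replay finds nothing
        if entry is None:
            return False
        digest, expires = entry
        if self._clock() > expires:
            return False
        return hmac.compare_digest(digest, self._digest(response))
```

Because a wrong guess also consumes the challenge, a bot cannot keep guessing against one image; the page has to issue a fresh challenge for every attempt.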
The "Pornography Attack" is Not a Concern
It is sometimes rumored that spammers are using pornographic sites to solve CAPTCHAs: the CAPTCHA images are sent to a porn site, and the porn site users are asked to solve the CAPTCHA before being able to see a pornographic image. This is not a security concern for CAPTCHAs. While it might be the case that some spammers use porn sites to attack CAPTCHAs (although there is no recorded evidence of this), the amount of damage this can inflict is tiny (so tiny that we haven't even seen this happen!). Whereas it is trivial to write a bot that abuses an unprotected site millions of times a day, redirecting CAPTCHAs to be solved by humans viewing pornography would only allow spammers to abuse systems a few thousand times per day. The economics of this attack just don't add up: every time a porn site shows a CAPTCHA before a porn image, they risk losing a customer to another site that doesn't do this.
Advancing Artificial Intelligence
CAPTCHA tests are based on open problems in artificial intelligence (AI): decoding images of distorted text, for instance, is well beyond the capabilities of modern computers. Therefore, CAPTCHAs also offer well-defined challenges for the AI community, and induce security researchers, as well as otherwise malicious programmers, to work on advancing the field of AI. CAPTCHAs are thus a win-win situation: either a CAPTCHA is not broken and there is a way to differentiate humans from computers, or the CAPTCHA is broken and an AI problem is solved.
Academic Publications and Presentations
- Luis von Ahn, Manuel Blum and John Langford. Telling Humans and Computers Apart Automatically. In Communications of the ACM.
- Luis von Ahn, Manuel Blum, Nicholas Hopper, and John Langford. CAPTCHA: Using Hard AI Problems for Security. In Eurocrypt.
- Kumar Chellapilla and Patrice Y. Simard. Using Machine Learning to Break Human Interaction Proofs (HIPs). In NIPS. (Explains how to break the simple CAPTCHAs for which character segmentation is easy.)
- Greg Mori and Jitendra Malik. Recognizing Objects in Adversarial Clutter: Breaking a Visual CAPTCHA. In CVPR. (Explains how to break a simple CAPTCHA.)
- Google Tech Talk about CAPTCHAs and Human Computation.
Selected Popular Press Pieces
- Human or Computer? Take This Test, The New York Times.
- reCAPTCHA - Stop Spam, Read Books, O'Reilly Radar.
- For Certain Tasks, the Cortex Still Beats the CPU, Wired Magazine.
© 2000-2007 Carnegie Mellon University, all rights reserved.