I’ve sat on the concept for a long time and it has had many names but I’ve got a bit of free time now so I decided to create a proof of concept. It isn’t perfect yet and there may be false positives due to a few bugs but if you read my blog you know I like to release code early πŸ™‚

So what is it I hear you ask? Well Codetcha is CAPTCHA but not in the traditional sense, it purposely creates code bugs and uses the developers debugging skills to determine if he/she is human or not. In the first version I’ve used Javascript as the error prone code and a PHP mirror behind the scenes to get the relevant value. However any programming language could be used, I decided on Javascript because you can use the native debugging in the browser to help you pass the test.

It’s worth noting that this sort of system couldn’t be used on a non-technical forum or blog because it assumes knowledge of a programming language but it could be used on technical blogs and forums.


Fixed more bugs, reduced the settings slightly. I’ll release the source code soon once I’ve refined it a bit more.

Update again…

I’ve fixed many bugs, reduced the code by 50% and improved the replace algorithm.

Codetcha demo

15 Responses to “Codetcha”

  1. gianni writes:

    You are insane πŸ™‚

    Anyway, I figured it out, but I did this without understanding really well what I was supposed to do.

    You should give more instruction on the codetcha page itself.

  2. Gareth Heyes writes:


    I tried to make it as simple as possible, I’ll maybe look into making a bit easy to understand πŸ˜›

    Glad you figured it out though πŸ™‚ It still contains bugs which I’m going to sort out and I’ll make it a bit more usable as well.

  3. Eirik Hoem writes:

    That’s a new one for me πŸ™‚ Pretty cool concept. I doubt people would use it on forums / blogs, since it probably would prevent a good portion of the posts. Not every visitor / active member knows JS etc. Still, cool idea πŸ™‚

  4. Gareth Heyes writes:


    Don’t forget this is the first version πŸ˜‰ CSS, HTML, C# or any other language could be used.

    I’ve fixed a bug with the script and added instructions, have fun πŸ™‚

  5. fragge writes:


    It could be made harder.. weed out the non-coders leeching on a coders forum. Imagine it.. it could wipe out script kiddies πŸ˜‰

  6. nikos writes:

    i ‘m still laughing…

  7. islam writes:

    just test!

  8. islam writes:

    hello , just take look about javascript with the main html document so the user will have the ability to control all the page contant and activity which may be lead to XSS Bug
    find way to separate code code checked engine from main page javascript renderer

    thank you!

  9. Gareth Heyes writes:


    That isn’t XSS. Unless you can provide me with the means to remotely execute the code without user interaction then I won’t fix it. If you consider that XSS then every web site is vulnerable on the internet, go to enter javascript:alert(/XSS/) in the url bar

  10. Thiago writes:

    I don’t think that this kind of verification could be realy used. Imagine, to every message in the forum you have to fix these boring useless codes.

  11. Gareth Heyes writes:


    The CAPTCHA is quite easy to solve and only takes a few seconds and it improves your javascript debugging skills along with it. As a added bonus it can also be used to eliminate script kiddies from forums,

    I’m not saying it could be used on all forums but ones with a high technical knowledge it could prove useful.

  12. fragge writes:

    It doesn’t have to be used on every post. Just on registration on members only forum.. elitist coders ftw.

  13. agente_naranja writes:

    Is not *that* easy to solve. It took me like a minute to solve medium, probably you guys can solve it in 30 seconds but it’s still plenty of time. Mostly because I took time to look for the declaration of all variables, not only fixing the missing )’s or }’s. And what about setting some more less obscure variable names? Like “first”, “second”, etc. A variable called “z9gC0” is difficult to track πŸ˜›

    But the idea is really good, I mean, users can reduce it to just one line of a code and say “Fix the three errors in this code and press Submit”. That would certainly prevent lots of “useless” people into joining particular websites.

  14. Gareth Heyes writes:


    It takes me around 5-10 seconds to solve, did you use the test syntax and the highlighted lines numbers? I guess I can reduce it and make it easier or harder depending on the target audience, I see it as a means to remove useless comments and spam within a technical environment.

    The code itself can be configured to produce longer/shorter variables and less functions if required, I’ve done it like this because I see each one being unique and therefore difficult to attack.

    Thanks for the good feedback I’ll look into making it more friendly and producing better variable names.

  15. alex writes:

    the low was easy πŸ˜›

    noce idea