Simon Willison’s Weblog

Subscribe
Atom feed for captchas Random

9 posts tagged “captchas”

2026

None
TIL Cloudflare CAPTCHA on at least one ampersand

I'm using Cloudflare's CAPTCHA (they call it a "Web Application Firewall > Custom rules > Managed Challenge" these days) to prevent crawlers from aggresively spidering my faceted search engine on this site, but I got fed up of even simple ?q=term searches triggering the challenge.

After some mucking around with Claude Code it turns out you can register the following rule instead, so the CAPTCHA only kicks in for search URLs containing at least one ampersand:

(http.request.uri.path wildcard r"/search/*" and http.request.uri.query contains "&")

And now /search/?q=lemur works without triggering a CAPTCHA!

Also included: notes on trying out the Cloudflare MCP with Claude Code, though it turned out not to be able to edit the rules in question so I had Claude Code switch to the Cloudflare API instead.

16th Jun 2026, 12:21 am · captchas, cloudflare, model-context-protocol, claude-code

2009

moot wins, Time Inc. loses. The Time.com poll hack was more sophisticated than I first thought... Time implemented reCAPTCHA half way through the voting period, but the 4chan community fought back with a custom interface that crowdsourced the job of voting and let individuals submit up to 30 votes a minute.

# 29th April 2009, 11:13 am / 4chan, captchas, moot, onlinepolls, recaptcha, security, timedotcom, voting

OCR and Neural Nets in JavaScript. John dissects the brilliant Greasemonkey script that solves simple captchas using the canvas element and HTML5’s getImageData API.

# 25th January 2009, 12 am / canvas, captchas, getimagedata, greasemonkey, javascript, john-resig, ocr

2008

New authentication schemes such as OpenID, or Microsoft's CardSpace, may help as adoption increases. These systems make it possible to register for one site using credentials verified by another. Instead of having many sites with poor verification procedures, the internet could have a few sites with strong verification procedures, that are then used by others. The advantage for the user is that they no longer have to jump through multiple hoops for each new site they encounter.

Tim Anderson, in the Guardian

# 29th August 2008, 10:01 am / captchas, cardspace, guardian, openid, security, tim-anderson

Integrating reCAPTCHA with Django. Looks pretty straight forward.

# 19th March 2008, 9:41 am / captchas, django, python, recaptcha

2007

The NHL’s All-Star voting disaster. The NHL ran an online poll to decide which players are picked for their All-Star Game. The only authentication was a poorly implemented CAPTCHA. Unsurprisingly, it got gamed.

# 19th January 2007, 9:50 am / captchas, gaming, nhl, security, stupid

2006

botbouncer.com (via) Neat concept: a third party service for ensuring that an OpenID has passed a CAPTCHA.

# 19th December 2006, 6:01 pm / captchas, janrain, openid

RSS CAPTCHA Prototype. Accessible captchas based on RSS feeds from friends’ sites.

# 24th August 2006, 7:01 pm / captchas

2004

Solving and creating captchas with free porn. More spammer ingenuity

# 28th January 2004, 8:37 am / captchas, spammers

Related