My site uses captcha of 6 digits, however if the attacker try all combinations,

Question

0

Asked: May 13, 20262026-05-13T17:41:52+00:00 2026-05-13T17:41:52+00:00

My site uses captcha of 6 digits, however if the attacker try all combinations,

0

My site uses captcha of 6 digits, however if the attacker try all combinations, chances are he will successfully submit the form fraction of the times.(1/million in theory, much more in practice since the random number generator I use is not truely random).
Is there anyway I can further prevent him from succeeding? One way is to prevent anyone from form submission for 5 minutes after a certain number of tries(eg.20), the problem is that if I store the number of tries in session, and the attacker creates a session for every try(naturally since he uses a program, not a browser), then it would not work. And I don’t want to modify existing db schema to accommodate this logic.
Another way is to increase the number of captcha character used, which causes user inconvenience.
All advises are welcome.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-13T17:41:52+00:00

Editorial Team

2026-05-13T17:41:52+00:00Added an answer on May 13, 2026 at 5:41 pm

I would recommend adding letters. That will make brute force much harder, than adding more digits.

EDIT: You can also, slow done the answers after getting some incorrect attempts. Add for example, 5 min delay.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

My site uses captcha of 6 digits, however if the attacker try all combinations,

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply