Security

The proof-of-work mechanism is a method used by most modern and privacy-compliant CAPTCHAs. It involves a small cryptographic puzzle that is automatically solved by the device before the CAPTCHA can be completed successfully. Regular users won’t notice this process, as it runs in the background and takes little time.

However, if our systems detect an unusually high number of requests from a user, the puzzle's difficulty automatically increases. This means the computer requires significantly more processing power and time to solve the puzzle. While this process remains unnoticed by regular users, it becomes time-consuming and resource-intensive for potential attackers using automated bots, making such attacks inefficient and unattractive.

This smart adjustment ensures maximum security without compromising user-friendliness.

Customizable Difficulty and Duration
Administrators can adjust the difficulty of the cryptographic puzzles, thereby influencing the CAPTCHA's duration. This allows the security requirements to align with the user experience and adapt to specific needs.

The individual bot score helps determine whether a request comes from a genuine user or a bot, similar to Google reCAPTCHA’s bot score concept. This method complements the proof-of-work mechanism, ensuring that your website is not only unattractive to bots but also effectively detects and blocks them.

To achieve this, we analyze various data points, such as technical information and user behavior, identifying suspicious or unusual patterns. From all this information, we calculate a probability indicating whether the request is from a bot.

Whether you choose to automatically block suspicious requests, flag them for review, take further actions, or ignore the bot score altogether – the individual bot score gives you the flexibility to optimize your security strategy to suit your needs.

The optional slider button provides another effective way to stop bots. This feature is entirely optional and should only be enabled if the previous security measures – the proof-of-work mechanism and the bot score – do not deliver the desired results.

When the CAPTCHA starts, a popup with a button appears. The button must be held down until it is fully charged. Once charging is complete, the button can be released, and the popup closes automatically – done! For humans, this brief interaction is straightforward, but for bots, it’s nearly impossible to replicate.

Additionally, the slider button is designed to be accessible: thanks to acoustic feedback, users with visual impairments can easily determine when to release the button.

The slider button is a simple and flexible option to further enhance your website's security.

Allow-List / Block-List
With the allow-list and block-list, you can precisely control who can access your website. You can add individual IP addresses or entire IP ranges. Users on the allow-list enjoy special privileges: they do not need to solve proof-of-work puzzles and automatically receive the lowest bot score, granting them quick and seamless access. Users on the block-list, however, are assigned the highest bot score and are automatically denied access.

Geoblocking
With geoblocking, you can restrict access to your website based on countries or regions. You can decide flexibly whether to allow access only from certain countries (allow-list mode) or block access from specific countries (block-list mode).