Chess CAPTCHA - a serious defence against spammers?

Filed Under: Featured, Spam

CAPTCHAs - the questions that a website asks you to answer to prove if you're a human being or not - come in many shapes and forms.

Conventional CAPTCHA

Although they most commonly ask you to decipher some words hidden in a distorted graphic, there are more elaborate versions which can ask you to solve some complicated mathematical calculation or ask you to add toppings to a pizza in an attempt to stop automated bots leaving spammy messages.

As a keen chess player, I was interested to see this CAPTCHA being used on an online chess forum:

Chess CAPTCHA

Okay, so it's not much of a challenge if you're a chess player, but it also clearly locks out any users who do not know how to play chess. (For those of you can't see the checkmate, the answer is upside-down at the bottom of this article - and make sure to realise that Black is playing from the bottom)

But most importantly, if a CAPTCHA system like this were to become widely-used, how tricky would it be for an automated bot to solve the puzzle?

Sadly, it wouldn't be very difficult. After all, chess computers have been capable of beating world chess champions for 15 years.

Solving a chess puzzle doesn't prove that you are a human - it just proves you know how to play chess. So it can work as a fun CAPTCHA on a chess-related website, but is unlikely to prove an adequate defence if it were adopted widely elsewhere.

Of course, some chess puzzles are harder than others - even for computers to solve.

For a bit of fun, take a look at the following chess puzzle. It's White to move, and to mate the Black King in two moves.

Can you do it?

Chess puzzle. White to play, mate in two.

Leave a comment below if you think you know how to solve this (sneaky) puzzle.

Chess CAPTCHA solution: .# (ǝʌıɟ doɥsıq s,ƃuıʞ) 4F oʇ uǝǝnb ʞɔɐlq ǝɥʇ ƃuıʌoɯ ʎq ƃuıʞ ǝʇıɥʍ ǝɥʇ ǝʇɐɯʞɔǝɥɔ uɐɔ noʎ

Hat-tip: Reddit

, , ,

You might like

78 Responses to Chess CAPTCHA - a serious defence against spammers?

  1. Will · 534 days ago

    I think the idea of this is more to provide something related to the forum and 'meaningful' rather than just copying 2 words. if you're browsing/posting on a chess forum you're likely going to be more than happy to solve a small problem so it doesn't feel like as much as a chore as typing 2 difficult to read words. I think this will provide adequete security as I doubt many people will see it worth their time writing a bot to defeat this single captcha, however, like stated it would be trivial to perform template matching on the pieces to detect their positions and run it through an existing chess API or write one yourself (after all, you've only got to look ahead 1 or 2 moves so it would be quite trivial)

  2. Newell White · 534 days ago

    N-f1 (discovered check) KxR
    R-g1 mate

    Not hard for anyone familiar with 2-movers.
    Trivial for even an 8-bit microprocessor.

    • But the King doesn't have to take the rook. It can take the pawn instead.

      So that's not it. :)

      • Boullie · 534 days ago

        if the king takes the rook (I guess that's the tower piece), he is still in the 'chess' position, as he can be defeated by the upper knight, no?

        • Nevell White suggested checking by moving the upper knight to F1. (It's actually a discovered check by the rook)

          In that situation, the rook on H1 is no longer protected by that knight. But more importantly, there's nothing to stop the king taking the pawn on F3.

  3. waynemyers · 534 days ago

    Took a while but I got the mate in two puzzle. Is it a Sam Loyd? It's lovely.

    (1 Re4 Kxf3 2 O-O mate )

    Feel free to delete this comment if you don't want spoilerage -

    • CONGRATULATIONS WAYNE! You were the first to come up with an answer to the puzzle.

      Like many sneaky chess puzzles, it relied upon either the underpromotion of a pawn, an en-passant manoeuvre or castling (In this case, castling).

      Well done to the others who also successfully worked it out!

  4. Phil · 534 days ago

    Ng3-f5 Kg2xf3
    Ne2-c4

    • That doesn't work. (Firstly, the King doesn't have to take the pawn - it can take the rook on H1. But also, the E2 knight can't move to C4.)

      If you meant the NE2-F4, then the King can just take the rook on G4.

      • Phil · 534 days ago

        Argh. Now the real challenge: Concentrate on the Sydney firewall config, not this puzzle all afternoon...

        • You'll kick yourself when you see it.

          Someone has already solved the puzzle (well done Wayne!) but I am waiting before approving their comment, so others can enjoy the challenge.

  5. Bill C · 534 days ago

    Rook -> F1
    King's move to H2
    Rook to H4 - Checkmate.. ( apologies if i got the board wrong, very early) lol

    • That's not it.

      After rook to F1, the king could move to H3 rather than H2 - preventing the RH4 "mate". (RH4 wouldn't be mate anyway, as the King can move back to G2)

      Try again. :)

      • Bill C · 534 days ago

        I just saw that, after I had posted. :) You know all those puns with waking so-so up pretty early in the am.. well that's what happened to me. xD

  6. Marion · 534 days ago

    Considering that I don't understand chess, I would never get past the captcha.

    • Phil · 534 days ago

      But then again you'd probably not want to spend time on a Chess forum...

  7. Samuel Liew · 534 days ago

    R-E4
    KxP
    O-O#

  8. This is sneaky because even if you put the position into a computer, it won't find anything faster than mate in 3 (of which there is more than one possibility). However, the key here is that one can find a mate in 2 if one makes the assumption that WHITE CAN STILL CASTLE! What being the case, White plays 1.Re4 (covering the e3 square) and forcing 1. ... Kxf3, after which White mates with 2.O-O!

    If you set up your computer and tell it that White can still castle King-side, it'll find the Mate in 2 :-)

    • Well done on working it out Dave.

      I'm afraid Wayne beat you to it - but still an impressive solution!

    • Matthew · 533 days ago

      White Cannot castle though as that would involve moving the white king within the area threatened by the black king.

  9. DS Bakker · 534 days ago

    The answer to the first captcha is wrong isn't it? Pawn takes Queen, so no Checkmate. Rook to F1 is the move.

    • Nope, I'm pretty sure the answer to the CAPTCHA is correct. Black's queen checkmates the White king by sliding along the diagonal to sit next to the black bishop.

  10. someone pls tell me am not going bonkers!! in the first captcha, it says check mate in one move, but if you check thew answer given, its not actually check mate or am i missing something??

    • In the CAPTCHA, the answer is to move the Black Queen to F4. In other words, it moves next to the black bishop. (remember that black is playing from the bottom of the board). When the Queen is at F4 it's checkmate (via the diagonal)

      Right? :)

    • It is checkmate. :)

      You're probably not noticing that once the queen has moved to F4+, the bishop and passed pawn prevent the King from going to any escape squares.

  11. Richard Chambers · 534 days ago

    Why do it in two moves when you can mate in one?

    Move the queen to F1, unless I'm missing something here, which is very possible.

    • Ummm.. the CAPTCHA *is* a mate in one. I give the answer at the end of the article (albeit upside-down).

      The puzzle is the second image - which is a mate in two, for white.

      In neither of the puzzles can you move the queen to F1.

  12. VERY Good idea.

  13. Richard Chambers · 534 days ago

    Wait, just realised I was taking the White King as a queen, ignore me.

  14. Samir · 534 days ago

    1 move checkmate - move the knight from E2 to D4

    • That's not checkmate. That's stalemate, as there's no legal move for the Black king in that position. Which would mean a draw.

      Try again.

  15. waynemyers · 534 days ago

    There's a great reddit thread on this puzzle (CAUTION SPOILERS):
    http://www.reddit.com/r/chess/comments/19zbfe/i_j...

    These are particularly spoiley spoilers too - the first comment provides the (only) solution, and the second one explains why that solution is itself highly problematic - what did Black just play? And so what did White just play? And so that solution is... oh dear.

    Great puzzle though, and thanks for posting it.

    (This comment being just as spoiley as my last one, feel free to not post it or wait a while...)

  16. waynemyers · 534 days ago

    Oh, and reading further, the reddit thread *is* the origin of this image, as the poster admits that they recreated the position from memory, and given that there is no legal solution as the position stands (castling being illegal, since the previous white move must have been with the king's rook) the pawn on f3 obviously shouldn't be there. (Now there is a legal last move, the Black king just came from f3 and white can castle, so the puzzle works).

    This may explain why I've been unable to find this puzzle in any of the problem databases. But I have things to do today.

    (Again, feel free not to post until appropriate :) )

  17. Rich · 534 days ago

    Interesting about Captcha, ours seems to be failing more and more. We are actually in the midst of field testing 4 different solutions because re-captcha is not so ADA Friendly (has anyone actually ever listed to the the voice version of the re-captcha, it is unintelligible).
    1. Hidden Field (if filled out then rejected)
    2. Math Captcha (with typing of answer)
    3. Picture Captcha (related to our website)
    4. Combination of above

    I may be overlooking something but in one move:
    NE2-G1

  18. Boom · 534 days ago

    Nice little puzzle! Sophos should do a weekly puzzle to keep our minds sharp

    Rook to E4
    King takes pawn (F3)
    Rook to F1
    Checkmate

  19. Jays · 534 days ago

    Wow, spent more time on it than I thought. Is there actually a solution? :)

    • Yes, it can be solved. We've had a few people already solve it (although I'm not approving their comments until a few more folks have had a chance).

  20. GS · 534 days ago

    knight @ G3 - E4

    knight @ E2 - G1

    • That doesn't work. After NG3-E4, the King can take the pawn at F3. After NE2-G1, the king can simply take the rook on G4.

  21. In the second board, white is playing up the board. So the black king isn't being checked. It's white to move, mate in two.

  22. 1. Rg4 e4
    2. Kxg2 f3
    3. O-O #

  23. mittfh · 534 days ago

    White rook from H1 to F1 (protects the pawn while giving the black king one legal move)
    Black king moves from G2 to H2 (the only legal move available)
    White rook from G4 to H4 (checkmate)

    The black king is now in check.
    The rook on H4 ensures he can't move to H1 or H3.
    The pawn on F3 prevents him moving to G2.
    The knight on E2 prevents him moving to G1 or G3.
    Therefore the black king can't move out of check.

    • That's not it.

      After the rook moves from H1 to F1, the king can move to H3. That stops the other white rook from mating on H4.

  24. Phil · 534 days ago

    RH1-H3
    either: KxH3, in which case NE2-G1
    or KxF3, in which case NG3-F5

  25. r-g1 ch then if k-h2 then r -h4 mate or if k-h3, r -h1 mate.

  26. JF · 534 days ago

    White rook from A8 to C8
    Black king forced to go from B7 to A7
    White rook from C8 to C7
    Checkmate!

  27. GS · 534 days ago

    So what if it was reversed ?

    knight @ E2 - G1

    knight @ G3 - E4

  28. Donna · 534 days ago

    If I have to spend more than 5 seconds logging in, I will leave the page and find another more welcoming site on which to buy a product or read an article. If you want people to visit your site, making it harder for them is counter-productive. You do not want to shoot yourself in the foot in an effort to protect yourself from spam.

    As for me, playing chess is not my forte and I would simply leave the site. As it is, some of those horrible captchas already piss me off enough. Make it harder and you've lost my business or commentary.

  29. Mike · 534 days ago

    Damn it. I just wasted too much time on this. I gave up and used a chess analyzer. Sneaky is right. Look at all the pieces and pay attention to their POSITION.

  30. Justin · 534 days ago

    NM, I made a typo myself... c8, stupid upside down board.

  31. Special K · 534 days ago

    Rook -> E4
    King -> F3
    King + Rook -> Castle

  32. Wayne Myers was the first to come up with the correct solution:
    http://nakedsecurity.sophos.com/2013/03/12/chess-...

  33. Nigel · 534 days ago

    In the second puzzle, how can it possibly be "white to move"? Black king is already in check by the white pawn, but how did that happen? If white pawn moved there to place black king in check, then it's black's move, not white's. But black king couldn't have moved to where it is now on its own move (which would have to have been the case if it's now white's move), because that would have moved black king into check, an illegal move.

    So it's a trick question. It CAN'T be white's move.

  34. Jays · 534 days ago

    Yep, Rook - E4 and then castling.

  35. KY · 534 days ago

    White: Knight G3-E4
    Black: King G2xF3
    White: Rook H1-H3

    Check mate in two.

  36. I'm an administrator on a large forum, so I'm always on the look out for new and inventive spam defeating techniques. Since I don't know how to play chess, this would not be one of the ones I would be more inclined to use :)

    However, there are TONS of different types of CAPTCHAs out there, but it's coming to a point where they are becoming completely broken. I've included a few links in this post with more information.

    In Search Of The Perfect CAPTCHA: http://coding.smashingmagazine.com/2011/03/04/in-... This article from 2011 details an overview of CAPTCHAs and some different alternatives to word solving ones.

    captcha.org: http://captcha.org/ - This site lists all the known CAPTCHA systems out there that are publicly available for usage. As you can see, there are many, many to choose from. Some are very innovative, and there are some that even include advertising so webmasters can monetize user registrations. I don't think the payout is very high, but its an interesting idea.

    According to many, reCAPTCHA is a completely broken system. There was a site available at one point called CaptchaTrader that would allow users to solve a captcha for a quota and then they would be awarded credits to have their captchas solved for them. This was used mainly for cyberlocker sites so users could download warez without having to sit there and fill out a captcha for every download. I have a feeling sites like this still exist, but even if they don't, OCR technology and minimally paid human solvers exist to do this anyway. There's some information about this on Wikipedia: http://en.wikipedia.org/wiki/Captcha#Circumventio...

    Google reCAPTCHA cracked: http://www.allspammedup.com/2011/01/google-recapt... A few years back 4chan/anonymous defeated reCAPTCHA with a prewritten tool that allowed them to fudge the results of a Time magazine poll for person of the year. This was called the 'penis flood' and is discussed in great detail in this article: http://musicmachinery.com/2009/04/27/moot-wins-ti...

    IMO, reCAPTCHA is better than nothing, and they do update their methodology regularly to try and defeat some of the better known tricks, but its a constant cat and mouse game with spammers. Software like XRumer can easily defeat most automated anti-spam techniques, CAPTCHAs included, so coming up with newer and different ways to implement CAPTCHAs is a novel idea, but one that will be eventually bypassed as it becomes more frequently used.

    Finally, a few xkcd comics to lighten the mood: http://xkcd.com/233/ http://xkcd.com/810/ http://xkcd.com/632/

  37. brian · 533 days ago

    How about some love for Dave's solution:

    1. Rf1, Kh2 (or Kh3)
    2. Rh1 (Checkmate)

    It's not as fancy as castling but it is no less correct. (It also happens to be the one I found.)

  38. b00nd0x · 533 days ago

    This was really fun and mentally challenging. Thanks for posting it! :-)

  39. Jay · 533 days ago

    Being dyslexic and not a chess player - my final solution:-

    1 - Transmogrify into a pigeon

    2 - Fly onto the board and knock over all the pieces

    3 - Crap over all the spaces

    4 - Fly off to the flock and claim victory

  40. Puzzled · 532 days ago

    It would certainly keep me and a lot of others out of certain web sites.
    Wonder how that would work out?

  41. BeckonsAttore · 331 days ago

    Talk about a fail captcha...

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.