BotDetect CAPTCHA ASP FAQ

No, the minimum platform requirements for BotDetect ASP CAPTCHA are Windows 2000 and IIS 5.0.

No, our product requires IIS 5.0+ in order to run properly.

You need to have full admin rights on the server to install and use the BotDetect ASP CAPTCHA, since it is a COM component which needs to be registered on the server to work. You will have to ask your web presence provider to install BotDetect for you. You'll have to send them LanapBotDetect.dll, gdiplus.dll and these instuctions.

It is not necessary to run the installation package. You can just copy LanapBotDetect.dll and gdiplus.dll into the same folder anywhere on the target server machine (for example, C:\Temp\) and run the following from the command line:

regsvr32 /i "C:\Temp\LanapBotDetect.dll"

You'll need to restart IIS before registering a new version of BotDetect because that is the only way to make IIS release the LanapBotDetect.dll handle. Unfortunately, there is no workaround - this is IIS behavior "by design".

Here is the step-by-step upgrade procedure:

1. Copy the full version of LanapBotDetect.dll to the server
2. Stop IIS
3. Register the full version of LanapBotDetect.dll with the regsvr32.exe utility.
4. Start IIS

You are still using the trial version of BotDetect.

Register LanapBotDetect.dll with the regsvr32.exe utility again. Please check that it is the full release version. You can do this by right-clicking it in your Windows Explorer and selecting Properties, swithcing to the Version tab and checking the Description value – as shown in the picture:

To resolve this problem, assign NTFS Read and Execute file permissions to the appropriate user accounts (IUSR_<machinename>, NETWORK SERVICE) for LanapBotDetect.dll. Right click the LanapBotDetect.dll file, select Properties, switch to the Security tab and change the permissions.

This error is very similar to: http://support.microsoft.com/default.aspx?scid=KB;en-us;q278013.

It appears this problem is caused by GDI+ trying to write the temporary gdipfontcachev1.dat file (a "printer font cache") to a folder it doesn't have permissions to. Since the gdiplus.dll is loaded by LanapBotDetect.dll, which is in turn loaded by IIS (i.e. w3wp.exe), GDI+ runs under a user account with limited permissions.

Unfortunately, we were unable to find a configuration option for GDI+ to prevent it from trying to write that file, or to instruct it to write it in a specific location. The good news is that it apparently needs to write that file only once. So here is a workaround for the issue:

1. Temporarily give "Everyone" full access to the C:\ drive
2. Run the webpage and wait for GDI+ to create the file in the C:\ root
3. Copy the file into the C:\Windows\System32 folder and change permissions on that file only to Modify by Everyone
4. Delete the C:\gdipfontcachev1.dat file and remove Everyone access to C:\
5. The error should then stop occurring.

When using load-balanced servers, you will have to ensure that clients return to the server containing their existing Session state data on all HTTP requests after the first one (known as enabling sticky connections). Please check your load-balancer settings.

This step is necessary since the ASP Session state is always kept in worker process memory, which only exists on the server where each individual worker process is running, and it can't be shared between multiple servers.

You can use FrontPage as long as you use ASP or PHP for form processing. Simple FrontPage Forms that use FrontPage Server Extensions are NOT supported.

Yes, BotDetect CAPTCHA can be integrated in PHP pages, but only on servers running Windows (since it's a COM component). You can find detailed instuctions and sample code in the How To add BotDetect CAPTCHA protection to PHP forms guide.

You can randomize all BotDetect CAPTCHA property values easily. Here is an example ASP code snippet which chooses a random CAPTCHA rendering algorithm from the specified set of possible values:

<%
Function RandomFromRange(lowerLimit, upperLimit)
  Dim num
  Randomize
  num = CInt((upperlimit - lowerlimit)*Rnd() + lowerlimit) 
  RandomFromRange = num
End Function

Function RandomFromValues(values)
  Dim num
  Randomize
  num = RandomFromRange(0, UBound(values))
  RandomFromValues = values(num)
End Function

Dim algorithms(5)
algorithms(0) = 28  'Lego
algorithms(1) = 36  'MeltingHeat
algorithms(2) = 44  'Ghostly
algorithms(3) = 25  'FingerPrints
algorithms(4) = 39  'Graffiti2
algorithms(5) = 48  'Bullets

' choose a random TextStyle
Dim style 
style = RandomFromValues(algorithms)
%>

<img src=
  "LanapBotDetectHandler.asp?Command=
  CreateImage&TextStyle=<%=style%>" alt="CAPTCHA image" />

You can force the CAPTCHA image to reload from the server instead from the browser cache by adding the current timestamp in the CAPTCHA image Url querystring:

<img src="LanapBotDetectHandler.asp?Command=CreateImage&t=
    <%= year(now) & right("0" & month(now),2) & _
      right("0" & day(now),2) & right("0" & hour(now),2) & _
      right("0" & minute(now),2) & right("0" & second(now),2)
    %>" 
  alt="CAPTCHA image" />

You have most likely forgotten to include CAPTCHA validation code in the ASP script that processes your form's submitted data. You can see an example code snippet for CAPTCHA validation in the How To add BotDetect CAPTCHA protection to ASP forms guide.

Also, you might want to take a look at the Form Processing sample that comes with BotDetect installations. Note that the code in ProcessingFormDemo.asp is just used to generate CAPTCHA images. The validation of user input – i.e. checking that the user submitted the same code as displayed in the CAPTCHA image – happens in the script that processes POSTed form data, called ProcessForm.asp.

No, you can persist the CAPTCHA code in any server-side container that suits your needs. LanapBotDetectHandler.asp uses the built-in ASP Session state for simplicity, but you can freely replace that code with your own method of persistence (e.g. database persistence shared between multiple load-balanced servers).