Secure your website from spammers and hackers

Make Bots Work For You

By making user's browser solve math you will limit the amount of spam,
secure your site against brute force attacks and make some cash (cash feature coming soon.)

Protect Against Web Spam

Typically various "Internet SEO Companies" try to leverage poor forum software protection against mass submission and create many worthless posts with links to a website they are promoting.

Some forum and blog software implement various CAPTCHA solutions but these have two negative aspects:

  • They annoy your visitors.
  • They provide a fake sense of security.

Today it is possible to buy access to API which solves any kind of CAPTCHA for just $0.70 per 1000 CAPTCHA images solved by a real human being. And do you really think your customer will be happy to try to solve one of these ridiculous CAPTCHAs?

Secure Against Brute Force Attacks

Many modern applications are susceptible to brute force attacks. Take a typical login form, for example. Hackers can compromise account security by trying every possible password combination. They can also leverage a large network of proxy servers to paralelize this attack. Forcing their browser to work hard makes it too expensive and slow for hackers to perform a brute force attack.

Based On Open Technologies

We leverage the following features:

  • Asm.js
  • HTML5
  • Web Workers

Browsers supported:

  • Google Chrome 7+
  • Mozilla Firefox 4+
  • Internet Explorer 10+
  • Opera 11.6+
  • Safari 5.1+
  • Android Browser 4.4+
  • iOS Safari 5+
  • Blackberry Browser 10+

Signup for our updates:

Quick start:

1. Grab a plugin for your platform:

2. Quickly generate keys (make sure to unlock "Generate" button first!):

(optional) 3. Custom integrate it.

If you are using custom code or a framework/CMS which is not yet supported, you can use jQuery.hashcash.io plugin for super simple integration. Simply add jquery.hashcash.io.min.js into the head of your HTML page and call it for the form which you would like to protect.

On a server side you need to make a single call to hashcash.io server to verify that the work was indeed done.

Client:
<html>
  <head>
    <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
    <link type="text/css" rel="stylesheet" href="jquery.hashcash.io/jquery.hashcash.io.min.css" media="all" />
    <script src="jquery.hashcash.io/jquery.hashcash.io.min.js"></script>
  </head>
  <body>
    <form action="/addcomment" method="POST">
      <textarea name="comment"></textarea><br />
      <input type="submit" value="Submit Comment" />
    </form>

    <script>
      $("form input[type=submit]").hashcash({
        key: "YOUR-PUBLIC-KEY"
      });
    </script>
  </body>
</html>
Server:
if (! $_REQUEST['hashcashid']) {
  die("Please unlock submit button.");
}

$url = 'https://hashcash.io/api/checkwork/' . $_REQUEST['hashcashid'] . '?apikey=[YOUR-PRIVATE-KEY]';
$work = json_decode(file_get_contents($url));

if (! $work) {
  die("Please try again");
}

if ($work->verified) {
  die("This proof-of-work was already used");
}

if ($work->totalDone < 0.01) {
  die("You did not wait long enough");
}

saveAndPublishPost();
# part of the standard Ruby library
require 'open-uri'
require 'json'

# denotes a HTTP route
post '/addcomment' do
  id = params[:hashcashid]
  privkey = "YOUR_PRIVATE_KEY"
  
  if not id
      return { :error => 'Please unlock submit button. }
  end
  
  url = "https://hashcash.io/api/checkwork/#{id}?apikey=#{privkey}"
  
  # JSON will break if empty response.
  begin
      work = JSON.parse(open(url).read)
  rescue Exception => e
      return { :error => 'Something went wrong.' }
  end

  if work['verified']
      return { :error => 'This proof-of-work was already used' }
  end
  
  if work['totalDone'] < 0.01
      return { :error => 'You did not wait long enough.' }
  end
      
  do_your_thing
end

Courtesy of Maxwell Bernstein

var express = require('express');
var bodyParser = require('body-parser');
var app = express();
var restler = require('restler');

var key = "[YOUR PRIVATE KEY]";
var complexity = 0.01;

var validateHashcash = function(req, res, next) {
    var id = req.param('hashcashid');

    restler.get(
        'https://hashcash.io/api/checkwork/' + id,
        { query: { apikey: key }}
    ).on("success", function(data) {
        if (data.verified) {
            return res.json({ status: "error", message: "This proof-of-work was already used" });
        }
        else {
            if (data.totalDone > complexity) {
                return next();
            }
            else {
                return res.json({ status: "error", message: "Not enough work done" });
            }
        }
    }).on("fail", function() {
        return res.json({ status: "error", message: "[fail] Proof of work not calculated" });
    }).on("error", function() {
        return res.json({ status: "error", message: "[error] Proof of work not calculated" });
    });
};

var addcomment = function(req, res) {
    return res.json({ status: "success", message: "comment posted" });
};

app.use(bodyParser());

app.post(
    '/addcomment',
    validateHashcash,
    addcomment
);

app.listen(3000);

About Us

We are passionate about technology and online security. If you have anything to say - feel free to reach us at webmaster@hashcash.io

Links