Step 4: Find the WWW_CAPTCHA_VENDOR setting on the site configuration screen, and use the pulldown menu to select your desired CAPTCHA solution. If this is not set, then no CAPTCHA solution will be used. 

Don’t set this until all other steps have been completed, or else the login, new password and subscription pages will stop working.

Once you have saved your new configuration settings, the public login, new password and subscription screens will automatically use the CAPTCHA solution of your choice, and by defining a secret LISTSERV Captcha Badge, bots will be unable to bypass the CAPTCHA validation, offering the best protection against abuse of your forms. 

The WWW_CAPTCHA_VENDOR value may also be configured in site.cfg or go.user, in the same format as shown in Step 1 for WWW_CAPTCHA_BADGE.

IMPORTANT: For UNIX, LISTSERV depends on a captcha.php file in the archives/captcha directory.  The captcha.php file REQUIRES PHP version 8 at minimum.  It will CRASH on earlier versions (e.g., PHP 7).  Please ensure that you have a new enough version of PHP installed on your server if you wish to use the CAPTCHA feature.

If you want to use the PHP script, make sure that PHP 8 or later is installed and enabled. And if you’re using HTTPS, make sure that extension=openssl is uncommented in the php.ini file.

IMPORTANT: For WINDOWS, LISTSERV depends on a captcha.aspx file in the archives/captcha directory.  The captcha.aspx file REQUIRES Microsoft ASP.NET to be installed on the machine running LISTSERV. Please ensure that you have ASP.NET installed on your server if you wish to use the CAPTCHA feature.

If ASP.NET is absent, IIS will report a “405 – HTTP verb used to access this page is not allowed”.

Install ASP.NET by going to Control Panel -> Programs -> Turn Windows features on or off -> Internet Information Services -> World Wide Web Services -> Application Development Features. Then check the boxes for ASP.NET 4.8, .NET Extensibility 4.8, ISAPI Extensions and ISAPI Filters.