kaPoW: Web-based Client Puzzles

kaPoW transparently protects against automated web attacks using Proof-of-Work (PoW) or client puzzles. It embeds PoW challenges as attributes in HTML tags and supplies clients with a JavaScript solver. The client's browser uses the solver to generate a solution and modifies the URL to include the challenge and solution as standard HTTP query parameters. With the modified URL, a client can succesfully retrieve the protected resource.

kaPoW can be used in conjunction with CAPTCHA tests to protect web applications against attack and addresses several of CAPTCHAs shortcomings. In particular, kaPoW

Currently, there are two ways for using kaPoW to protect web content

kaPoW is currently supported by the National Science Foundation under Grant Number CNS-0627752. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation. If you are interested in using or contributing to mod_kaPoW, contact us.