Loading...
Pricing of Yidun (NECaptcha) solution
Inherited a site with a captcha or another protection layer but no access to the source code? In that case you naturally ask: which solution is installed, is it configured correctly, and how can the workflow be tested?
In this article, we have tried to answer all the key questions. The first step in solving the task is to determine which protection system is being used. To do this, you can refer to the list of popular captchas and anti-bot protection systems, where you will find visual examples and key indicators that help you quickly understand what you are dealing with.
If you discover that your site uses Yidun (NECaptcha), the next step is to study its properties and operation in more detail. In this article, you can also review the instructions on how to integrate Yidun (NECaptcha) so that you fully understand how it functions on your site. This will help you not only understand the current protection, but also properly plan its maintenance.
What is Yidun CAPTCHA
Yidun is a modern anti-bot system developed by NetEase. It is based on analyzing user behavior and does not require the user to complete a task. The system tracks mouse movements, gestures, action speed, network context, and other “behavioral metrics”, and then uses ML (machine learning) to determine whether the visitor is a human or a bot.
Examples of Yidun (NECaptcha)
Smart Captcha
An intelligent bot-protection system that automatically recognises trustworthy users and lets them pass without extra actions. Suspicious visitors undergo additional verification.
Slide Captcha
A popular visual captcha type where the user must drag a slider to assemble a small puzzle.
Icon Click Captcha
Requires the user to click specific icons or image elements in a given sequence.
How to solve Yidun using CapMonster Cloud
When testing forms protected with Yidun, you often need to verify that the captcha works correctly and is integrated properly.
You can manually test the captcha added to your site:
- Open the page with the form and make sure the captcha is displayed.
- Try submitting the form without completing the captcha — the server should return an error.
- After solving the captcha successfully, the form should submit without errors.
For automatic captcha solving, you can use specialized services such as CapMonster Cloud — a tool that accepts captcha parameters, processes them on its servers, and returns a ready-to-use token. You can insert this token into your form to pass verification without user interaction.
Working with CapMonster Cloud via API typically involves the following steps:
Creating a task
At this stage you send your API key, captcha type and parameters. The service returns a unique taskId which you can later use to fetch the result.
Sending an API requestTo solve a Yidun captcha you must specify the following parameters:
type - YidunTask
websiteURL - the full URL of your page with the captcha;
websiteKey - the value of the siteKey;
userAgent - Browser User-Agent. Pass only an up-to-date Windows UA.
Find more details about the parameters and how to gather them automatically before sending a task in the CapMonster Cloud documentation.
Solving Yidun CAPTCHA using ready-to-use libraries
CapMonster Cloud provides ready-made libraries for Python, JavaScript (Node.js) and C#.
Python
JavaScript
C#
How to integrate Yidun (NECaptcha) into your website
To confidently understand how the captcha works on your site, how its validation logic functions, and how to configure or reconfigure it, we recommend reading this section. It describes the full integration process so you can easily understand all the details.
1. Go to the dashboard: create an account (using phone or email).
2. In the dashboard select: 产品与服务 → 验证码服务 (Captcha Service).
3. Create a new project (应用).
4. As a result, you will receive:
- captchaId
- secretKey
5. Example of Yidun frontend integration
<!-- Connecting the Yidun script -->
<script src="https://cstaticdun.126.net/load.min.js"></script>
<!-- Container for the captcha -->
<div id="captcha"></div>
<script>
// Initializing the captcha
initNECaptcha({
captchaId: "YOUR_CAPTCHA_ID", // your captchaId from the Yidun dashboard
element: "#captcha", // where to insert the captcha widget
// Triggered after successful completion
onVerify: (err, data) => {
if (!err) {
// data.validate -- captcha token
// Save it in a hidden form field
document.querySelector("#validate").value = data.validate;
}
}
});
</script>
<!-- Form that sends validate to your server -->
<form method="POST" action="/verify">
<!-- The captcha will write the token here -->
<input type="hidden" id="validate" name="NECaptchaValidate">
<button>Submit</button>
</form>
6. Server-side Yidun validation (PHP example)
<?php
// Data from the Yidun dashboard
$CAPTCHA_ID = "YOUR_CAPTCHA_ID";
$SECRET_ID = "YOUR_SECRET_ID";
// Receiving the token from the frontend
$validate = $_POST["NECaptchaValidate"] ?? null;
// If no token — return error
if (!$validate) {
echo "Captcha not passed";
exit;
}
// Preparing the POST request
$url = "https://c.dun.163yun.com/api/v2/verify";
$postData = http_build_query([
"captchaId" => $CAPTCHA_ID,
"secretId" => $SECRET_ID,
"validate" => $validate
]);
// Sending the request to Yidun
$opts = [
"http" => [
"method" => "POST",
"header" => "Content-Type: application/x-www-form-urlencoded",
"content" => $postData
]
];
$context = stream_context_create($opts);
$result = file_get_contents($url, false, $context);
// Decoding JSON
$data = json_decode($result, true);
// Checking the result
if ($data["result"] === true) {
echo "Captcha passed successfully";
} else {
echo "Verification error: " . json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
}
Possible errors and debugging
Invalid parameters
The captcha does not display or returns errors if captchaId or businessId is incorrect, if load.min.js is not included, or if access to Yidun resources is blocked. Check captchaId, businessId, correct connection to https://cstaticdun.126.net/load.min.js and make sure no CSP/firewall blocks it.
Timeout or initialization errors
The SDK returns 1004 or -1 when initialization fails. Increase timeout, check the network connection, and enable SDK logging.
Empty or incorrect validate token
Validate = null or result: false on the server. Make sure the captcha is completed, the token is not expired, not reused, and captchaId/secretId match both frontend and server.
Signature error
The server returns a signature error when parameters are sorted incorrectly or the key is wrong. Sort parameters alphabetically, use the correct secret key and HMAC-SHA algorithm, and enable logging.
Network errors during verification
Timeout, DNS, SSL, or incorrect request format. Send requests to https://c.dun.163yun.com/api/v2/verify, use Content-Type: application/x-www-form-urlencoded, and log responses.
Protection resilience checks
Try submitting a request without solving the captcha — the server should return success: false.
Perform load testing (e.g., with k6 or JMeter) at more than 100 RPS — the captcha should remain stable.
Test server reaction to expired or reused tokens — expected response: 403 Forbidden.
Security and optimization tips
Validate the token only on the server.
Store the secret key securely (environment variables or secret manager).
Check additional fields (e.g., userIP, scene) to confirm request legitimacy.
Use HTTPS for all API requests.
Implement error handling and show clear messages to the user.
Restrict captchaId usage by domain.
Supported captchas
reCAPTCHA v2
GeeTest
Cloudflare Turnstile
DataDomeConclusion
If you’ve taken over a website that already has a captcha or another protection system installed, but you don’t have access to the code, don’t worry! It’s quite easy to identify which technology is being used. To verify that everything works correctly, you can use the CapMonster Cloud recognition service in an isolated test environment to make sure that the token processing mechanism and the validation logic are functioning properly.
In the case of Yidun (NECaptcha), it’s enough to detect the system, observe its behavior, and confirm that the protection is working correctly. In this article, we showed how to identify Yidun (NECaptcha) and where to find instructions on how to integrate or reconfigure it, so you can confidently maintain the protection and keep its operation under control.
Amazon Waf
Faucet Pay
Imperva (Incapsula)
Prosopo
Text CAPTCHA
MTCaptcha
Altcha
Funcaptcha
TSPD
Hunt
Alibaba
Friendly