Stop spam without captcha

Question

I want to stop spammers from using my site. But I find CAPTCHA very annoying. I am not just talking about the \"type the text\" type, but anything that requires the user to

Answer 1

I combine a few methods that seem quite successful so far:

1. Provide an input field with the name email and hide it with CSS display: none. When the form is submitted check if this field is empty. Bots tend to fill this with a bogus emailaddress.

2. Provide another hidden input field which contains the time the page is loaded. Check if the time between loading and submitting the page is larger the minimum time it takes to fill in the form. I use between 5 and 10 seconds.

3. Then check if the number of GET parameters are as you would expect. If your forms action is POST and the underlying URL of your submission page is index.php?p=guestbook&sub=submit, then you expect 2 GET parameters. Bots try to add GET parameters so this check would fail.

4. And finally, check if the HTTP_USER_AGENT is set, which bots sometimes don't set, and that the HTTP_REFERER is the URL of the page of your form. Bots sometimes just POST to the submission page causing the HTTP_REFERER to be something else.

I got most of my information from http://www.braemoor.co.uk/software/antispam.shtml and http://www.nogbspam.com/.