Un-Captcha Techniques Redux
I've spent a bit of time working on alternative CAPTCHA techniques, mostly because I've found that the vast majority of CAPTCHA offerings are non-intuitive and even for people with excellent eyesight, don't always "make it" the first time around. I have pretty good vision, but I find myself constantly frustrated by stupid case-sensitive CAPTCHA requirements that I simply cannot pass the first, sometimes the second and even as many as three tries.
Webmasters and site developers are like lemmings - they seen something that somebody promotes, they copy it, they use it, but they DON'T THINK!
WTF? All one needs to do is look at Jeff Attwood's blog and you can see that he requires the user to type in a clearly readable "ORANGE" every time - and it works perfectly! The Bots simply don't get it. It's easy to see, easy to read, and shows how UTTERLY RIDICULOUS these various CAPTCHA images are to the user, and how they literally destroy the user experience!
One technique I pioneered was the use of an Image - to - HTML captcha that renders as HTML.
But! There could even be an easier way:
This concept is based on the fact that most spam - bots are, in a word, "dumb".
Here is the technique:
1) Add an input field to your form having some interesting name such as "url":
<input name="url" type="text" value=""/>
2) Hide the input box with a css style element so that real (human) users cannot see it directly:
<p class="captchaStyle"><input name="url" type="text" value=""/></p>
In your code that processes the form, check if the “url” formfield contains any value. If it does, it's a bogus post because it was a bot that saw the field and "thought" that it was supposed to fill it in, so you would reject it or set it up for moderation.
It works because geniune users cannot see a hidden input box on your form and therefore, they won’t fill it, while robots do see it, assume that they need to provide a value, and fill it in.