I guess you’ve never really coded with AJAX. The only possibility is that the person doesn’t have Javascript turned on. And if they were to view source on any browser all they’ed see is the javascript functions. If the tried to call them from an outside source it would violate security and be rejected by the server. AJAX’s can work if you know the inner workings of AJAX’s and how to program with it.

Relying on Ajax to submit a form sounds like a very bad idea to me. There are too many things that can go wrong, and too many ways it can simply annoy the user because it doesn’t work as expected. If the user’s browser isn’t capable of processing the script, they can’t post. That’s a huge accessibility problem, as you have people using your blog on lots of different browsers, even mobile phones, where at least a regular POST form would work. There’s more maintenance required, because you have to keep ensuring that it won’t break in any new browser, whereas a POST form has been part of the HTML spec for years and is usable on any browser, even line-mode ones with no images or Javascript! You would be increasing security by decreasing accessibility, which is a mistake, because if a spammer were smart enough, they could simply look at your source code and figure out which request your AJAX script is sending and continue to spam. It would be a bit more work on the part of the spammer, yes, but it is also likely to frustrate some of your legitimate users. It also doesn’t account for the case where the spammer is submitting their spam posts by hand, which is often the case. Most of the form spam I’ve got on one particular blog has been from people who copy-pasted some code into the form and added a short message to it that’s semi-relevant (agreeing with someone else’s post for example).

As demonstrated in some of the linked articles, as the CAPTCHAs become more difficult for ever-more-sophisticated robots to solve, they become more difficult for humans to solve. That’s the wrong way to go as you want certain humans to post or register, and a CAPTCHA that pushes them away defeats its own purpose.

I think the best solution is a game that involves motion, logic, and has a timestamp component to it (i.e. you have to click a moving target and the time at which you click is as important as where you click). The latency of proxying would cause the timing of the click to be out of whack.

- Greg

Another idea I had was if you have some form of article or news system on your site, upon generating the registration form pull a random article and also say for arguements sake one word from the first sentance. And then ask the question “What is the 5th word in the first sentance of this (link) article?”.

Just a few ideas.