For the “honey pot” method, I use a hidden css div layer to hide 4 fields (IamSpam, MyEmail, MyComments, and a random character field like w3Rtp) that are then checked upon submit. To answer the question of accessibility in the “honey pot” method, the hidden div is placed BELOW the submit button and is preceeded by the statement “Anti-Spam fields hidden with CSS: Please DO NOT change the information in these fields.” The text is in the hidden div as well so only users with stylesheets turned off or a screenreader will come across them.

The code that I wrote to analyze the content of the form fields looks for the same data in more than one field (bots commonly enter the same data more than once!) AND it looks for any type of url (http://, a href, etc.). The key to the content analysis is making sure that the options available to the user through the form do not give them a chance to submit duplicate data or urls. If so, then those fields must be left out of the check.

So far it has been 100% effective and I now have it in include files so I can easily implement it in a new site. I’ve been meaning to create a cfc using the same code but just haven’t done it yet!

I use a combination of session control and “toggle” fields as described above with 100% success.

I also use some POST content analysis (Scan for urls and rejected words) to reject some of the HUMAN bots which seem to be coming out of CHIANDONG Province and some Malyasia. I believe it is some kind of agent software which is able to RECOGNIZE that captha is in place, and prompts a human so that THEY can enter the value and allow the post

100’s of thousands of posts can be generated on sites in a matter of months. It is ridiculous to think requesting users to enter a small code is any great task. After all this is also for their benefit too.

I use captcha and also the hard coded questions on my sites and find that the combination stops spam bots dead. If you can come up with a better solution, then by all means let us all know.

I’m personally getting by with the hidden field using CSS trick right now. The label on the field says “Leave this field blank” so even people who do see it should leave it blank. And their submission doesn’t get discarded if they do fill something in — it just throws an error, so they can still go back and fix it.

The “honey pot” idea is also a nice one - having a field hidden with CSS that only bots will fill-in; there’s still an accessibility problem there for non-standard devices that will see it. But I think it’s still better than CAPTCHA.

btw - turning off comments entirely is not an accessibility issue, because it’s the same for everyone. But comments aren’t really important anyway - it’s mission critical uses like signing-up for an account in the first place, or verifying financial transactions, that I object to (and also, ironically, those are where it’s most necessary to have bot protection, but there you go!)

Bots are “our problem” because it’s up to us to find a way - we’re part of the same production chain, in a sense, whereas users are consumers. We benefit from users on our site more than users benefit from being on it, hence the prerogative is ours.

As for CAPTCHA, I do not use them, I prefer to use something like akismet.

For example, there’s WS-Gatekeeper for Wordpress blogs: http://www.meyerweb.com/eric/tools/wordpress/wp-gatekeeper/

or NoSpam! for vBulletin:
http://www.vbulletin.org/forum/showthread.php?t=124828

A couple other alternatives are outlined at:
http://www.arraystudio.com/as-workshop/the-captcha-alternatives.html

http://akismet.com/