Securing forms without CAPTCHA
I want to keep the forms short, without the CAPTCHA. And, with some tricks, like checking server headers, I was able to control the spammers.
Now a days, I find that spammers are researching my sites. Through several attempts, they have now specialized in cracking the systems. For example, the team at 213(.)5(.)71(.)86 is dedicated to crack my sites. I just don't like to black list their IP because, some day, it could be a legitimate user. And it is not possible to add all spammers IPs in the blacklist.
I would like to discuss here some advanced ways to protect the pages without CAPTCHA and pick your ideas to come up with a really strong method.
My latest model was using js/css/php/html for this.
- pre-populate the "email" element with some dummy email address. Use a different name to collect the real email address.
- Hide the element with css.
- Checking back if $_POST['email'] has some contents.
- Checking Headers back (This was broken)
I am safe at the moment now.
If not they can break this automatically through their crawlers, I am sure any of the spammers team will be researching to crack my websites - because they know - if they are successful in doing so, they can send hundreds of emails within my networks, for free.
I would like to know your ways.