CAPTCHA Image Verification is one of the worst ideas in the world from usability point of view, users with poor vision or who are fatigued may find complex CAPTCHA difficult.
The phrase “You what now?” comes to mind.
Here are some alternatives, which are a little more user friendly.
Logic Test
This method essentially asked your users to solve a simple puzzle, which a bot will find difficult, or CPU intensive to solve. In this simplified example, where we are going to ask the colour of the box (or the circle in the box).
Few users will find this test hard
The combination of differentiating between shapes and colours is quite easy for a human to do, but a computer can find this quite difficult. On the other hand though, this is quite work intensive for the programmer and unless you create a wide range of questions, you are a little limited.
Dummy Fields
In a nutshell, this puts a field which is hidden via CSS which requests a common piece of information (such as email, or message). If the field has been filled in, you can assume that a bot is being used.
Unfortunately, some modern browsers sometimes automatically fill in form for the user, which is a moderate problem.
Response Timer
This is another method which does not involve users having to do anything. The theory behind this method, is to see how long the user takes to submit the form. If the user takes a short amount of time, they are either super human, or bots. This is relatively full proof as most bots will instantly submit a form.
JavaScript Extra
This technique assumes that most bots are unable to use JavaScript, so making JavaScript write a little extra piece of information to the form should stop bots. According to the W3C 95% of users have JavaScript turned on, which is good.
Akismet
This is one of the best methods of stopping spam, essentially Akismet compare what your user has posted with other stuff posted all over the internet. For me, it’s never missed any piece of spam.
Conclusion
Is there a single alternative to do it all? No, but with a combination of all the methods we can reduce the overall amount of spam. In the next example I’ve combined all the above methods (minus Akismet) into a single file which assess weather a user is human on a point system (3 out of 4 will assume human). Feel free to copy it.
I use a combination of the “Response Timer” and the “JavaScript extra”. Generate a timestamp on the server, put it into a cookie, but hashed with a secret salt, then place the timestamp into a hidden field via JavaScript. When the form is submitted, re-hash the recorded timestamp, and if it matches the cookie, magic! human!
Hi, thanks for the great tips here firstly! i want to use the response timer solution which seems the best to me, but once i did in my form action (“cgi-bin/enquiryform.pl”) the form submits anyway and ignores the php. it works fine if i remove the action, though. is there any way i can make it work to stop the form action taking place if it’s filled out too soon (i assume this is how it’s meant to work and i’ just missing something!!)
thanks