Markus Wild wrote:
One that is less cumbersome than the "type in the word in the weird image" approach is to set a cookie-like hidden parameter from the server when it generates the form (I'm assuming php or perl behind a dynamic server). In the cookie you can put the timestamp and encode the thing using a simple cipher. When you get the cookie back, you check whether the timestamp is within a reasonable range. The spambot would have to refetch the original form, insert his crap and resubmit it, since it's not able to generate the hidden parameter on its own. Most (all?) won't do that.
Well, IMHO this is no better than my solution using JS What do you do if someone has cookies disabled? I for my part often reject cookies 'just because' when I dont feel they're really needed... So I dont know which part of all surfers is bigger, those with lynx or those with js disabled Actually in the last 7 day there wasn't a SINGLE lynx hitting ALL of my hosted domains...
But of course this is always a matter of opinion and it can vary a lot depending on the website. But IMHO if a user using lynx cant add an entry to a guestbook this is no big loss for me...
Just my 2c
Matt