15 Aug
2006
15 Aug
'06
10:04 p.m.
One that is less cumbersome than the "type in the word in the weird image" approach is to set a cookie-like hidden parameter from the server when it generates the form (I'm assuming php or perl behind a dynamic server). In the cookie you can put the timestamp and encode the thing using a simple cipher. When you get the cookie back, you check whether the timestamp is within a reasonable range. The spambot would have to refetch the original form, insert his crap and resubmit it, since it's not able to generate the hidden parameter on its own. Most (all?) won't do that.
Cheers, Markus