There’s CAPTCHA solutions.. though not always user-friendly, I’ve had to look into other ventures to help overcome spam (though never 100%).
One solution over not using CAPTCHA is to add a hidden input with a value. In JavaScript, delete that hidden input. On the server side, test if it was posted or not. If it was, there’s a possibility of it being spam – then from there you can hold the account for review or simply ignore it.
Another solution (this is a bit more complicated) involves writing a class that randomizes the input names based on a server session key. From there, you output the input names (scrambled/random text)… On POST, you then “decode” the scrambled text into meaningful input names and continue on with your validation, etc. If you can’t “decode” it into something logical, or expected input names, then it’s a false submission. One easier way of this method is to store input names in sessions, then access them $_POST[$_SESSION['input']['name']]
, etc. There’s something like this already out there located here.
Lastly, using any of these methods, NEVER, EVER fail the submission and show the user a failure message solely due to these detection methods. Doing so will reveal that you have some sort of system in place to stop spam and alert these spam bot developers that they need to revise their script – possibly even just to attack your site even more frequently. Of course, with that said, you’ll still want to continue failing the submission if someones email address isn’t right…
8
solved Anti spam for web forms? [duplicate]