Spam protection

How can I protect the form from spam, without capacha. So far, the idea is to do md5 ip + browser when the user enters the page, then write it in a hidden field, and check when submitting + check the ref and ip. What other ideas?
UPDATE

//    
function showRequest(formData, jqForm, options) { 
// formData - ;   $.param         alert(),
// (   ),     jQuery Form   .
//var queryString = $.param(formData); 
// jqForm  jQuery ,   .
//       
// var formElement = jqForm[0];
//alert('   : \n\n' + queryString); 
//    false    ; 
//    fals    .
return true; 
}

How do I add a variable change here before submitting?


Answer 1, authority 100%

Only captcha! No hidden fields. You can easily take them with a script, like any cookies. So just captcha! And a delay for a certain number of minutes with recording IP + time in the database.


Answer 2, authority 33%

You can take a large dictionary of questions instead of a graphic captcha:

  • Who is the President of Russia?
  • In what year did the Patriotic War begin?
  • Who was the first astronaut in the world?

If the dictionary is large and changes periodically, it will be difficult to crack. But it is definitely more expensive than a graphical captcha, since you need to create and update a dictionary.


Answer 3, authority 33%

Hidden fields can be parsed and sent, it seems to me that it would be more realistic to process using javascript the event of clicking on the send button, and change any field before sending, and then check it, if it’s not correct, it means a bot, not a person, not wealth – won’t work with javascript disabled


Answer 4

The MB sentence is childish, but if you think about it, what is the fundamental difference between a human and a bot?

For captcha – he sees the text on the picture.

To change margins – it doesn’t see what is hidden via css.

Another option is that a person does not write instantly. That is, you can be confused about this. Print speed for secretary graduate – 180 characters / min, 3 characters / sec. What we do:

File with the form (if you make an ID for each form, the penetration will decrease even more, I take this option)

<?
if (!empty($_SESSION['FORMS']['comment'])) { //    
$ban_speed = 180 /*  */ / 60 /*   */;
$time_watch = 30; //   , ..        
if (!empty($_POST['username']) && !empty($_POST['msg']) && !empty($_POST['comment_type'])) {
  if ($_SESSION['FORMS']['comment'] + $time_watch < time()) die('spam detected'); //    ,        -  -     
  if (strlen($_POST['msg']) < 3) die('No smilies'); //    
  if (strlen($_POST['msg']) / $ban_speed < (int)$_POST['comment_type']) die('keyboard sprinter detected'); //      180    (    submit,    250 .)      
  //    > 3 ,  ~90%  .        5    .
  }
} //       -  POST 
$_SESSION['FORMS']['comment'] = time();
?>
<script type="text/javascript">
var currentForm = false;
function startType(formid) { //  
if (currentForm) return false;
currentForm = formid;
}
function endType() { //  
currentForm = false;
}
function checktype() {
if (!currentForm) return false;
document.getElementById(currentForm+'_type').value++;
}
setInterval(checktype, 1000); // ,       
</script>
<form method="post">
: <input type="text" name="username" /><br />
: <br />
<textarea name="msg" onfocus="startType('comment')" onblur="endType()"></textarea>
<input type="hidden" name="comment_started" value="0" />
</form>

Naturally in this code, most likely a lot of errors, because wrote here. The essence should be clear.