Imported From: http://groups.google.com/group/in-portal-dev/browse_thread/thread/5dc836fb951a5077#
Today most popular approach is to place captcha code on form to verify, that
humans (not search engines) are submitting site forms. More dirty captcha
image is, more chances are spider/bot won't be able to recognize it. On the
other hand it makes form submitting uncomfortable for users. Also captcha is
used only on forms, when user is not logged in.
Here is approach, that is not using captcha, but still provides same level
of protection:
1. after page with form is loaded, then send ajax request to server
2. in ajax responce send random name and random value + save both to
session
3. when ajax responce is received, then dynamically add hidden field with
received name and value
4. when form is submitted, then check, that submitted value matches
generated one from session
We are generating random hidden field name to allow same form to be
submitted from different tabs of same browser, when we have same user
session.
Because of spiders don't execute page javascript this approach can work.
--
Best Regards,