I just had a little idea this morning and I wanted to share it with you.
The basic idea is that I hate captchas and probably most of you do as well. And so I came up with this idea. I thought about the fact that the main difference between bots and humans is their interactivity on a website.
That's why I wanted to put eventListeners on the website and even some of the form elements and check the score.
Basically I have "captures" that can be loaded individually. Each capture adds +1 to a hidden input field. When the event occurs, the hidden input field will be decreased and another one will be incremented. If no events occur, but the bot has JavaScript enabled, there will be a high count in one of the fields but actually there were no interactions.
This is kind of a double check to see how many captures there were in the form (e.g. for your PHP script).
This is the test site I've set up this morning:
rhscripts.de/…
Captures are at the moment: scrolling, mouse movement, focus, tabbing, key down and clicking on input fields.
My question is, what do I do if there is no JavaScript enabled, how do I detect spam anyway, or do you have other cool ideas for a "hidden" spam detection the user is not involved in? I could maybe give the user a message that he was classified as spam and that he should take further steps to prove he's not? E.g. a simple link, confirmation email; other thoughts and ideas are appreciated!
Also I would like to hear your feedback on that idea.
Best Regards
Robert
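
The two-counter scheme described in the post, as an added example that is not part of the original post or the code on the test site. All names (`CAPTURES`, `createTracker`, `classify`, `simulate`, the `pending`/`fired` field names) are hypothetical, and counting each capture only once is an assumption. Both fields are client-supplied, so the result is a heuristic signal for the server, not proof of a human.

```javascript
// Added example; every name here is hypothetical, not taken from the post's site.
const CAPTURES = ["scroll", "mousemove", "focus", "tab", "keydown", "click"];

// Client side: models the two hidden inputs as counters.
function createTracker(captures) {
  const state = { pending: 0, fired: 0 };
  const seen = new Set();
  for (const _ of captures) state.pending += 1; // each loaded capture adds +1
  return {
    state,
    // Called from the real event listener. Assumption: each capture counts once.
    onEvent(name) {
      if (!captures.includes(name) || seen.has(name)) return;
      seen.add(name);
      state.pending -= 1; // the first field is decreased ...
      state.fired += 1;   // ... and the other one is incremented
    },
  };
}

// Form values arrive as strings; accept only short decimal counts.
const toCount = (v) =>
  typeof v === "string" && /^\d{1,3}$/.test(v) ? Number(v) : null;

// Server side: the "double check" on the submitted hidden fields.
function classify(fields, expected) {
  const pending = toCount(fields.pending);
  const fired = toCount(fields.fired);
  // Fields missing or empty: the script never ran (JavaScript disabled).
  if (pending === null || fired === null) return "no-js";
  // The two counters must add up to the number of captures on the form.
  if (pending + fired !== expected) return "inconsistent";
  // Script ran, captures were registered, but nothing ever fired.
  if (fired === 0) return "no-interaction";
  return "interacted";
}

// Constructed demo: replay a list of events and classify the resulting form.
function simulate(events) {
  const tracker = createTracker(CAPTURES);
  events.forEach((e) => tracker.onEvent(e));
  const fields = {
    pending: String(tracker.state.pending),
    fired: String(tracker.state.fired),
  };
  return classify(fields, CAPTURES.length);
}
```

The `no-js` and `no-interaction` results are the cases where the follow-up steps mentioned in the post (a link, a confirmation email) would be triggered.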