Honeypot Captcha

Written by on October 26th, 2007 in Ajax News.

Phil Haack has a new take on using a Honeypot technique for CAPTCHA.

The most similar technique to this one is what WP-HashCash does, using JavaScript to fill out a form before it gets submitted, and assuming that evil bots don’t grok JavaScript. Unfortunately, I have found in the past that some bots seem to run Rhino and even do JavaScript-y things.

Honeypot takes the opposite approach, and assumes that bots will fill out form fields with names that they understand:

To exploit this, you can create a honeypot form field that should be left blank and then use CSS to hide it from human users, but not bots. When the form is submitted, you check to make sure the value of that form field is blank.

The problem is that if a certain reader doesn’t take the CSS into account then users will also start putting in data. Ah, the noble goal of invisible CAPTCHA. Would this work for you?
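A server-side sketch of the check described above, as an added example that is not code from Phil Haack's article or from Ajaxian. It also goes one step past the text by rejecting a POST in which the trap field is absent altogether. The field name `website`, the `/comment` action and the function names are assumptions.

```javascript
// Added example: the field name and form layout are assumptions.
const HONEYPOT_FIELD = "website"; // hypothetical name a form-filling bot would recognise

// Markup for the form. The trap is hidden with CSS; for the case the article
// raises (a reader that ignores the CSS) it carries a label telling humans to
// leave it empty. tabindex/autocomplete keep keyboard users and browser
// autofill from filling it by accident.
function renderForm() {
  return `
<style>.hp-wrap { position: absolute; left: -9999px; }</style>
<form method="post" action="/comment">
  <label>Comment <textarea name="comment"></textarea></label>
  <div class="hp-wrap" aria-hidden="true">
    <label>Leave this field blank
      <input type="text" name="${HONEYPOT_FIELD}" value=""
             tabindex="-1" autocomplete="off">
    </label>
  </div>
  <button type="submit">Post</button>
</form>`;
}

// Classify a raw application/x-www-form-urlencoded request body.
function checkSubmission(rawBody) {
  const params = new URLSearchParams(rawBody);
  const values = params.getAll(HONEYPOT_FIELD);
  if (values.length === 0) {
    // A browser submits an empty text input as "website=", so a missing
    // field means the POST was not built from this form.
    return { accept: false, reason: "honeypot-missing" };
  }
  if (values.some((v) => v.trim() !== "")) {
    return { accept: false, reason: "honeypot-filled" };
  }
  return { accept: true, reason: "ok", comment: params.get("comment") || "" };
}

// Constructed sample submissions.
const samples = [
  "comment=Nice+post&website=",
  "comment=Buy+pills&website=http%3A%2F%2Fspam.example",
  "comment=Direct+POST",
];
for (const body of samples) console.log(body, "->", checkSubmission(body).reason);
```

Logging the `reason` for rejected posts rather than silently dropping them makes it possible to see whether real users are tripping the trap.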

Source: Ajaxian
Original Article: http://feeds.feedburner.com/~r/ajaxian/~3/175350006/honeypot-captcha
