I doubt there is anything actually new here, I've read about random ideas on this subject and had a few of these on my own, but I haven't seen anything like this in one package that's easy to use. I originally wrote for a client and it has reduced spam posts to zero since being put in place. I realize there is room for improvement, just decided to post it to get suggestions and ideas from others. This class works on all html types of forms(buttons, checkboxes etc) and is completely transparent to the end user(unless they try to spam you and their post gets dropped).:p

There's a little demo in the zip.

http://www.bpform.com/

P.S.
I hate visual captchas.

The Form Name Hashing is a good idea I've thought of myself, with each unique user to have the name field with a different hash. It would make it impossible for a bot to figure out what is what.

Also a good way I've found to stop bots is too just Hide the form in escaped javascript and then put it in a document.write unescape.

Yeah, the hashing is also salted with the day of the month so it's always changing. You could get creative with the salt so it's unique depending on ip, user agent etc, I just kept it basic.

Well I can write a particular bot for your site and can do it in a few hours
but if I have to make a bot for captcha images , heh I would need 1000 monkeys to tell me whats on image ,

I just finished reading your site, and I apologize for the nuances I just said :) ,
your class do provide nearly impossible way to decode the field names so thus is better replacement for images

Very nice :) I think I'll use this now instead of images.
Green added :)

Looks good. God I don't have to type those captcha's again, if this gets implemented everywhere.

Very nice thought!!! the idea is simple and will block alot of bots!

Dude that's ingenious! Only flaw I can find is if it's a login form and people are using things such as Roboform.

If this was only used for like contact forms, then it would perfect :)

+Rep

Dude that's ingenious! Only flaw I can find is if it's a login form and people are using things such as Roboform.

If this was only used for like contact forms, then it would perfect :)

+Rep
That's a good point. In that case I'd use it on the reg page and posting page, but not login. :D

Great ...
Here is my version
http://www.vision.to/antispam-techniques.php :-)

I do have also hash and form "serial number" ...
the hash contains session, time, ip, browser and file name ... etc ...

:-)
spam dropped 100%
analyze contact form
http://www.vision.to/contact.php

It could be made even harder if adding to an array different form field names for "nocomment" field, so it checks against with each page load ...