Client recaptcha doesnt help much...

Question

Hi all,

I am using recaptcha with jquery and ajax to protect a form in a website i m working on. But i think i am missing something cause a spam bot will simply post directly to the form handler right?

what can i do then? I really need to keep the recaptcha control on a modal dialog for several reasons one of which is screen real estate.

btw, I am using asp.net mvc.

thx

Answer 1

You need to ensure that your form contains some information that can't be guessed at by a spam bot - if your recaptcha is to all intents and purposes 'optional' then it's useless. :( Could you have a hidden form field that is populated by javascript and which contains e.g. a suitably obfuscated timestamp (in UTC to avoid timezone problems)?