If AI bots are spamming your site's contact form, I found a solution that doesn't use captcha [View all]
I recently read that AI bots are searching the web for such contact forms and figuring out what to submit. (That would not be a good use of a human's time, just to spam one form.) I hate those captcha things (especially the "select all images of bicycles" type), but lately I've been getting so much spam on the "help" and "contact us" forms on my site that I was thinking I would have to start using them. However, it occurred to me that one way that might defeat those bots would be to set a dummy URL in the form's action, but then set the real URL in an onload( ) function in the body tag. This seems to work -- the bots aren't executing the JavaScript. In the form, I set a URL to a script that logs the REMOTE_ADDR variable, then redirects to that same address, which typically fails, but it takes the browser's full time-out period to do so. I just changed it this morning, and so far it's already logged four requests from the four different IP addresses, so I've added those addresses to my website exclusion list.