In the end I decided not to bother with captcha itself and went with a simpler solution for my users. Instead of captcha I have a hidden form field whose value is the current date and time in encrypted format which I then check on submission to ensure that the form is not submitted too quickly. I also use javascript to inject a checkbox in to the form which users have to check to confirm that they are not a spammer, most bots wont be able to process javascript so if the field is not present in the form submission then it will not be accepted.
↧