I basically use one trick on my site to prevent spam and it works great (at least until spambot programmers read this post 😉 ).
The code is like this:
In the script that builds the site which contains the form, I implemented:
    session_start();
    // Remember which page rendered the form and when.
    $_SESSION['lastSiteId'] = 'something Unique';
    $_SESSION['lastSiteRequest'] = time();
The script that contains the logic to write the comments to a database contains this:
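    session_start();
    // Accept only if the form was rendered for this page more than 5 seconds ago.
    if (($_SESSION['lastSiteId'] ?? null) === 'something Unique'
        && ($_SESSION['lastSiteRequest'] ?? time()) + 5 < time()) {
        insertComment();
    } else {
        echo "Please read the article before posting a comment";
    }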
Remember this is pseudocode to give you the idea. You have to implement it all alone in the end… 😉
All it does is check whether more than 5 seconds have passed between rendering the form and sending the POST request.
Be warned that spambot engineers are not sleeping. Bets are that spambots can wait a few seconds before posting unwanted input if the programmer wants it that way.
The question would be: how many spam messages can be sent if the spammer has to wait 5 seconds between requests? See, maybe this IS the final solution to spam prevention.
Combining time tests with JavaScript tests (if possible and wanted) plus prefilled/unfilled hidden field tricks, you should be safe from spam for a few years from now.
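
The time test above combined with the unfilled hidden-field trick, as an added example that is not the poster's code. It goes beyond the post by consuming the session stamp on every POST and by rejecting stale forms; the field name `website`, the `MAX_AGE` limit and the function names are assumptions.

```php
<?php
// Added example, not the poster's code. Field name 'website', MAX_AGE and
// all function names are assumptions; arrays stand in for $_SESSION/$_POST.
const MIN_DELAY = 5;    // seconds, the value used in the post
const MAX_AGE   = 3600; // assumed: forms older than this are rejected

// Called by the script that renders the form.
function issueFormStamp(array &$session, string $siteId, int $now): void
{
    $session['lastSiteId'] = $siteId;
    $session['lastSiteRequest'] = $now;
}

// Called by the script that receives the POST. Returns [accepted, reason].
function checkComment(array &$session, array $post, string $siteId, int $now): array
{
    $issuedFor = $session['lastSiteId'] ?? null;
    $issuedAt  = $session['lastSiteRequest'] ?? null;
    // Consume the stamp so one rendered form permits exactly one POST;
    // otherwise a bot waits five seconds once and then submits in a loop.
    unset($session['lastSiteId'], $session['lastSiteRequest']);

    if ($issuedFor !== $siteId || !is_int($issuedAt)) {
        return [false, 'no form rendered for this page'];
    }
    // Hidden field a human never sees or fills; any content marks a bot.
    if (($post['website'] ?? '') !== '') {
        return [false, 'honeypot field filled'];
    }
    $age = $now - $issuedAt;
    if ($age <= MIN_DELAY) {
        return [false, 'submitted too fast'];
    }
    if ($age > MAX_AGE) {
        return [false, 'form expired'];
    }
    return [true, 'ok'];
}

// Constructed walk-through: each call prints the [accepted, reason] pair.
$s = [];
issueFormStamp($s, 'article-42', 1000);
print_r(checkComment($s, ['comment' => 'hi'], 'article-42', 1002)); // POST 2 s after render
issueFormStamp($s, 'article-42', 1000);
print_r(checkComment($s, ['comment' => 'hi', 'website' => 'x'], 'article-42', 1010)); // trap filled
issueFormStamp($s, 'article-42', 1000);
print_r(checkComment($s, ['comment' => 'hi'], 'article-42', 1010)); // POST 10 s after render
print_r(checkComment($s, ['comment' => 'again'], 'article-42', 1011)); // same stamp reused
```

On a real site the two functions would receive `$_SESSION` and `$_POST` after `session_start()`, with `time()` as `$now`.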