Stopping comment spammers with JavaScript
Recently randombase.com was discovered by spammers, and the comments were flooded with the classic viagra junk. Since I hate CAPTCHAs for verification purposes (they annoy the users), I wrote a small JavaScript / PHP application. You need to know that spammers use automated software, which mostly just reads your HTML source, parses out the form data and sends the POST request to your server. There are no 'real' browser windows involved; to get an idea of how a spammer sees your site, check out Lynx. They cannot parse JavaScript, and that's where it gets easy: just add a dynamically generated, hidden form entry.
You could do this simply with a static piece of text, using code such as:
document.getElementById('commentForm').innerHTML += "<input type='hidden' value='nospammerskthxbye' name='nospam'>";
Of course, this only works if your form has the id 'commentForm' and if your server checks that the variable is sent with the request and contains the correct data. You can make it a little more advanced by using some obfuscation:
document.getElementById('commentForm').innerHTML += "<input ty"+"pe='hidden' value='no"+"spamm"+"erskthxbye' name='nospam'>";
This would help if the spammers just parse out all <input> style tags and send them. For RandomBase itself, I wrote an extremely simple algorithm; it is useless in every way. It basically takes the IP of the user and transforms it into a static number. The algorithm is implemented in both JavaScript and PHP. The JavaScript version is:
function generateHash(seed)
{
    // Split the dotted IP address into its parts
    var s = seed.split(".");
    var h = 0;
    for (var d = 0; d < s.length; d++)
    {
        // Each part squared, weighted by the first part
        h += s[d] * s[d] * s[0];
    }
    return h;
}
The PHP version is the same, but of course adapted:
function generateHash($seed)
{
    // Split the dotted IP address into its parts
    $s = explode(".", $seed);
    $d = 0;
    foreach ($s as $a)
    {
        // Each part squared, weighted by the first part
        $d += $a * $a * $s[0];
    }
    return $d;
}
Probably useless, but it makes it a little harder again for spammers to beat the comment form...
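The server-side half of the check described above, as an added example (not the original RandomBase code), written in JavaScript to mirror what the PHP side would do. It assumes the hidden field is named 'nospam' as in the earlier snippets and carries generateHash of the visitor's IP; checkComment, the reason strings and the sample requests are made up for illustration, and the strict IPv4 validation goes beyond the page's version.

```javascript
"use strict";

// Same arithmetic as the page's generateHash, but strict about its input:
// returns null unless the seed is a dotted-quad IPv4 address. Without this,
// an IPv6 address such as "::1" has no dots and the sum becomes NaN.
function generateHash(seed) {
  const parts = String(seed).split(".");
  const valid = parts.length === 4 &&
    parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  if (!valid) return null;
  const first = Number(parts[0]);
  return parts.reduce((h, p) => h + Number(p) * Number(p) * first, 0);
}

// remoteIp: the address the server saw the connection come from (assumed to
// be supplied by the web server, never read from the submitted form).
// fields: the parsed POST body as an object of strings.
function checkComment(remoteIp, fields) {
  const expected = generateHash(remoteIp);
  if (expected === null) return { ok: false, reason: "unsupported-address" };
  const sent = fields.nospam;
  if (typeof sent !== "string" || sent === "") {
    return { ok: false, reason: "missing-token" }; // posted without running the script
  }
  if (!/^\d+$/.test(sent)) return { ok: false, reason: "malformed-token" };
  if (sent !== String(expected)) return { ok: false, reason: "wrong-token" };
  return { ok: true, reason: "token-matches" };
}

// Constructed sample requests (documentation-range addresses, made-up bodies).
const samples = [
  { ip: "203.0.113.7", fields: { comment: "Nice post", nospam: "10967481" } },
  { ip: "203.0.113.7", fields: { comment: "junk" } },
  { ip: "198.51.100.4", fields: { comment: "junk", nospam: "10967481" } },
  { ip: "::1", fields: { comment: "hello", nospam: "1" } },
];

function runSamples() {
  return samples.map((s) => checkComment(s.ip, s.fields).reason);
}

console.log(runSamples());
```

Because the value depends only on the visitor's address, it stays the same for every request from that address, and this strict version rejects non-IPv4 visitors outright instead of comparing against NaN.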

[...] by Iron on April 19, 2008 07:39 pm under Uncategorized Remember my post about stopping comment spammers with Javascript? It has proven to be a very reliable method as long as you make sure to change the data that is [...]
Hi, can you elaborate on this just a bit? I’m not fully up to speed with javascript, feel free to email me if you would.
-thanks