
How to detect malicious scripts and prevent registration?


Today just a general question about preventing scripts from registering on my site.

I've got five different registration forms for different services and recognized a significant growth of fake registrations. These registrations are obviously performed by scripts. That's why I'm searching for a mechanism for detecting scripts in my forms and then preventing them from registering on my site.

All the forms are written in Java, so I use JSPs as the frontend. Using captchas isn't an option, since there are good OCR techniques to hack them. My form basically consists of 5 input fields with validation for a valid address and email. But if a script uses a standard address (e.g. Springfield, 10 Mean St) and an email address like [email protected] it is possible to succeed.

Known techniques:

  • time to fill out all fields: every human being needs at least 30 sec. to fill them out; everything with less than 30 sec. is a script
  • hidden form field: a standard script scans a website for form fields and posts some garbage into them; a human being would never fill in values in hidden form fields, a script would do this

More possibilities for script detection?

These techniques aren't that safe and only mark another obstacle for scripts. But are there further techniques to detect and avoid scripts?

I really look forward to your experienced and creative answers. :)

Thanks ahead.
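
The two checks listed in the question (minimum fill time and a hidden honeypot field), sketched server-side in Java as an added example that is not part of the original post. The class name, the `ts` field name, the one-hour expiry and the HMAC-signed timestamp are assumptions; the signature keeps a script from simply submitting an older timestamp.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class FormBotCheck {
    static final long MIN_FILL_MILLIS = 30_000;      // the 30 s threshold from the question
    static final long MAX_AGE_MILLIS = 3_600_000;    // assumption: reject tokens older than 1 h
    private final byte[] key;                        // server-side secret, never sent to the client
    FormBotCheck(byte[] serverSecret) { this.key = serverSecret.clone(); }

    private String sign(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(mac.doFinal(data.getBytes(StandardCharsets.UTF_8)));
    }
    // Value for a hidden "ts" field, issued when the JSP renders the form.
    String issueToken(long nowMillis) throws Exception {
        return nowMillis + "." + sign(Long.toString(nowMillis));
    }

    // Returns null when the submission passes, otherwise the reason it was flagged.
    String check(String token, String honeypot, long nowMillis) throws Exception {
        if (honeypot != null && !honeypot.isEmpty()) return "honeypot filled";
        int dot = (token == null) ? -1 : token.indexOf('.');
        if (dot < 1) return "missing token";
        String ts = token.substring(0, dot);
        byte[] expected = sign(ts).getBytes(StandardCharsets.UTF_8);
        byte[] given = token.substring(dot + 1).getBytes(StandardCharsets.UTF_8);
        // Constant-time compare; the MAC stops a script from back-dating the timestamp.
        if (!MessageDigest.isEqual(expected, given)) return "forged timestamp";
        long elapsed = nowMillis - Long.parseLong(ts);
        if (elapsed < MIN_FILL_MILLIS) return "submitted too fast";
        if (elapsed > MAX_AGE_MILLIS) return "token expired";
        return null;
    }

    public static void main(String[] args) throws Exception {
        FormBotCheck c = new FormBotCheck("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        long t0 = 1_700_000_000_000L;  // constructed render time
        String tok = c.issueToken(t0);
        String backdated = (t0 - 60_000) + tok.substring(tok.indexOf('.'));
        System.out.println(c.check(tok, "", t0 + 45_000));          // slow submit, honeypot empty
        System.out.println(c.check(tok, "", t0 + 2_000));           // submitted after 2 s
        System.out.println(c.check(tok, "spam", t0 + 45_000));      // honeypot field filled
        System.out.println(c.check(backdated, "", t0 + 2_000));     // timestamp edited client-side
    }
}
```

In a JSP the honeypot input would be hidden with CSS rather than `type="hidden"`, and a flagged submission is better logged and silently dropped than answered with a specific error.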


Solution

  • I use a captcha that makes users click in a circle that is broken, while there are other complete circles on that page. It's a one-click validation.

    You can also let them click in the biggest circle that has a certain color.