Warning: I wrote this blog in 2008. That is a long time ago, especially on the internet. My opinions may have changed since then. Technological progress may have made this information completely obsolete. Proceed with caution.
It’s been a while since I implemented a spammer’s honeypot on this blog. It has been extremely effective, so much so that I disabled the captcha. All I do is put a hidden form before any blog posts are displayed. Humans never see it, but spambots all see it, and apparently they are configured to submit spam to the first form on the page. In fact the only spam that has gotten through in the last year has been spam that submitted to all forms on the page, not just the first one. (I think this just happened once though.)
Fast-forward to a few days ago, I noticed that the excerpt of a page that Google shows displays the hidden comment submission form. This doesn’t particularly matter, but I’d prefer it not be there. So I added a check on useragent, and if it appears to be a search engine bot the honeypot is not displayed. Well apparently spammers use a two-step process. First they scan for blogs with forms while pretending to be googlebot. Then they submit to those forms pretending to be a normal user’s browser (usually IE 5.5).
Or maybe the spammers were just trying to wish me a happy twenty-seventh birthday by flooding my site with links to porn.