Gotcha is sort of a take off on "captcha." The idea was first mentioned on http://drupal.org/node/166921 as a possible way to trick spam bots who try to use the Drupal contact form. I don't particularly like the extra step humans are required to perform in these "verification" methods, and some just don't work.
The idea is simple: Basically you place a bogus input field on a contact form, and use CSS to not display it. On submission you check for a value. If there is a value entered, then that means a non-human has been blanketing form fields, and the form post can be ignored as spam. The spam bot will probably never know.
Gotcha adds a field labeled "Subject" at the top of the contact form. It uses a "div" tag to render the field as "display: none" so human users shouldn't see it, and won't enter any data there. Hopefully, the suspected spam bot will see "Subject" and be enticed to enter something there. There is descriptive text to encourage a human (whose browser might be set to display it anyway) to ignore this field.
Gotcha intercepts the contact form submission and checks the hidden field. If something is there, Gotcha simply returns to the front page and ignores the message. The attempt is logged, along with the submitter's IP address, and the suspect message is saved in the database. If the field is empty, then the message is passed on through to the contact module for normal processing.
Unfortunately, most of the spam was still getting through. And most of that was a bunch of links to drugs or porn. From experience, I knew that the Spam module was already good at dealing with this in comments. After browsing that module, I found that I could "hook" into its filters and use them to identify spam.
All of my spam emails stopped immediately!
The Gotcha module requires the core Contact module and the contributed Spam module (which you can also use to limit comment spamming).
Normal module installation procedures.
All of the settings for Gotcha are found in the Administer » Site building » Contact form, under the "Settings" tab.
- Log all email - If this box is checked, all site-wide Contact email will be logged in the Gotcha table. If it is not checked, only suspect emails will be logged.
- "Go Away" page: - This is the path to the page to be displayed when the message has been identified as spam. That message should be tactful, but forceful. When the module is enabled, it checks to see if there is a page that is titled "Gotcha: Go Away!". If is present, that node's id will be set here. If is not found, the module will create a sample page and set the new page's path here. Note: It is not necessary for this page to be in "published" status as it will be displayed anyway.
- Maximum body - The maximum size of the message's body to show in the logging list. This limits the size of the displayed list.
- Rows per Page - The number of rows to show per page in the logging list.
- Show Site Name - If selected, the site's name will show in the logging list. This is useful in a multisite environment with a shared "gotcha" log.
Please post issues, support requests, and feature suggestions to the project page, rather than here.