NeoWang

Reputation: 18513

How to recognize a bot on my registration page?

My web service landing page includes a registration form. On one hand, I want to block registration bots with a captcha field in this form, but on the other hand, a captcha field makes the form ugly. So what I need is to include this captcha field only when my server detects bot behavior.

How can I recognize a bot and block it effectively? (captcha or not) IP address? (what about clients in NAT?) session? user agent?

P.S. My definition of a bot is any attempt to repeatedly create new accounts on a single client. So blocking user agents that are defined as 'bots' is not the way to go, because spammers can write scripts to drive browsers, or use fake user agent strings.

Answers to this question mentioned a trick using hidden fields that are expected to be blank, but I'm not convinced that trick is very effective: How websites like Facebook are protected against bot without any captcha

Upvotes: 0

Views: 924

Answers (1)

kaqqao

Reputation: 15429

There are multiple common strategies. Check my answer on a similar question here. A mixture of strategies usually works best. But be aware that you really shouldn't obsess too much. Simple strategies usually work just fine. On the other hand, if someone is so hell-bent on harming your site that they develop custom bots only to defeat your protection, even Captcha is ineffective, as there are multiple very powerful libraries for optical character recognition. Plus, it would probably be easier for them to just DDoS you than to come up with custom bots.

Upvotes: 1
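An added example, not part of the question or the answer above: one way to combine two of the simple strategies discussed on this page, a blank hidden field and a per-IP count of registration attempts, so that the captcha is shown only after repeated attempts. Because an IP behind NAT may be shared by many real users, a busy IP is escalated to a captcha rather than blocked. The class name, field name, window and threshold are all assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 3600       # assumed look-back window
CAPTCHA_AFTER = 3           # assumed: attempts per window before the captcha appears
HONEYPOT_FIELD = "website"  # hypothetical hidden field; real users leave it blank


class RegistrationGuard:
    """Tracks registration attempts per client IP in a sliding window."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._attempts = defaultdict(deque)  # ip -> timestamps of recent attempts

    def _recent(self, ip):
        # Drop timestamps that have aged out of the window, then return the queue.
        now = self._clock()
        q = self._attempts[ip]
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()
        return q

    def needs_captcha(self, ip):
        """Call when rendering the form: only busy IPs get the captcha field."""
        return len(self._recent(ip)) >= CAPTCHA_AFTER

    def check_submission(self, ip, form, captcha_ok=False):
        """Return 'accept', 'captcha' or 'reject' for one form POST."""
        q = self._recent(ip)
        over_limit = len(q) >= CAPTCHA_AFTER
        q.append(self._clock())  # every attempt counts, whatever the outcome
        if form.get(HONEYPOT_FIELD, "").strip():
            return "reject"      # hidden field was filled in: scripted client
        if over_limit and not captcha_ok:
            return "captcha"     # shared NAT address is possible: challenge, don't block
        return "accept"


if __name__ == "__main__":
    guard = RegistrationGuard()
    ip = "203.0.113.7"  # constructed sample address (documentation range)
    for n in range(5):
        form = {"email": f"user{n}@example.com", HONEYPOT_FIELD: ""}
        print(n, guard.check_submission(ip, form))
```

In a real deployment the counters would live in a shared store rather than process memory, and `captcha_ok` would come from the server-side verification of the captcha response.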
