Protect page from requests

Question

What's another way, instead of recaptcha, to protect the booting page?

My customers do not like to be filling these things out and I'm out of ideas

Answer 1

If you don't like any of @Trott's suggestions - A simple CAPTCHA replacement, but I am not sure for how long (a somewhat sophisticated attacker could crack it):

Add this into your form:

<input name="dummy" value="" style="display: hidden"/>

Then in your server code,

if params['dummy'].empty?
  # user
else
  # spambot!
end

This relies on spambots compulsively filling out unknown form fields (so that they don't leave out any mandatory ones); but a user will never see it, and thus always leave empty.

Answer 2

Without more details, it will be difficult to know what is appropriate for your situation. Here are some things that may or may not work for you depending on your situation:

• Instead of a CAPTCHA use a simple question. Arithmetic perhaps. Or asking someone to type a word that is undistorted rather than distorted like a CAPTCHA. Or having someone always type the same word into a box. This is nowhere near as strong as a CAPTCHA, but it may be enough depending on your needs.

• Password protect your site. Depending on your needs, you can use a shared password, individual accounts specific to your site, or something like Facebook Connect / OAuth / OpenID.

• You can try a robots.txt file, but that will only keep well-behaved robots away. Attackers will, of course, ignore it.

• You can firewall off your server so people can only access it from a certain subnet. If everyone using the site has access to the same VPN, then they can use VPN to access the site.