We had the same problem and didn't want to use recaptcha because it's too hard for some users (ie. senior users).
So, we used django-simple-captcha, but that didn't stop some of the bots. Our SecOps produced automated captcha parsing scripts so that we could fine-grain configuration, and found out a configuration that lets them only like 20% chances of success, and we don't have any more spam at all (maybe the captcha recognition scripts hackers use are not as good as the one we made for testing purpose ?). This is our configuration : https://github.com/betagouv/mrs/blob/0f37f786c4770e0f401c071fb2fef85f18303aca/src/mrs/settings.py#L432-L448 Our special functions, which are just a copy/pasted from the original app source code, with the minimal modifications to make it stop : https://github.com/betagouv/mrs/blob/0f37f786c4770e0f401c071fb2fef85f18303aca/src/contact/captcha.py Note that audio works well but in english only, but doesn't require any external webservice, it does require Pillow though. I suppose that would be the preferable implementation detail if Django were to integrate such protection. Hope this helps -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/0uhCjKcLoDF6ZvhEwaFDhCE1NerV-GBvE-qJWa60RIA0zrNiu067z38tO-ZlvOPUp2uFf-Ri1qOqqnDksfdi1SKVqFlv5DgHteD6YGSnpXw%3D%40protonmail.com.
