have a "contact us" form on all the websites that I build.
I have been using Google's ReCaptcha for a couple of years now, and until recently it has worked very well.
About a couple of months back, I noticed more spam suddenly getting through ReCaptcha.
I could only assume that this is because someone has cracked recaptcha and is now able to spam me via my websites.
So I implemented further measures, as follows:
2) Include an invisible text field which, if filled in by a bot, causes the contents of the form to be silently discarded (i.e. silently not sen via email) and the offending IP address to be flagged.
Nevertheless, I am STILL getting some spam, although much less than before I implemented the two further measures described above.
How on earth are the bots getting through all that??!! What can I do to completely defend against them?