I've come across umpteen homegrown implementations to detect spam comments/signups ranging from point thresholds, cookie checking, javascript injection, css hiding, timeouts...<p>Also, people are paid to solve captchas.<p>Then you have the problem of abusive bots which can be resolved by honeypots & fail2ban, but you have to make sure your logs are aggregated, communicate the firewall rules to your web proxy and then be careful of blocking search engines.<p>You can also integrate spam blacklists and keep them up to date.<p>If there aren't any existing providers I'm starting to wonder if there would be an opportunity to create a saas offering which:<p>* allows developers to integrate simply by plugging into popular web frameworks, protecting not only comments but user/beta signups, etc.<p>* automatically uses all the best methods for stopping spam & bot abuse, both client and server side, automatically improving its own algorithms<p>* maintains and automatically distributes a central, real time blacklist database<p>* provides a great interface for monitoring/reporting and to easily blacklist or whitelist<p>ps. I had the unfortunate experience of having my submission link timeout as I wrote this submission :)