Lately, http://www.theprobono.org/ has been absolutely slammed with spam project postings. They tend to consist of random characters for the username, random real-world locations, and typical spammy descriptions.<p>I just pushed a sanity check for the time between when the form is displayed and submitted, ensuring a reasonable amount for a human to fill it out. Beyond CAPTCHA and honeypots, any other ideas?<p>I've also been looking for a possible 3rd party service that could look at the project description and give a "likelihood of spam". Any thoughts?<p>Thanks!
What format is the project-description in? Is it a paragraph, or more, of random HTML? If so you might enjoy the blogspam API:<p><a href="http://blogspam.net/" rel="nofollow">http://blogspam.net/</a><p>It is used to blog forum/blog comments, but people have used it for protecting wikis from spam. (Disclaimer it is my pet-project.)
I used a time based token for all my forms. The token becomes invalid after an hour or so. Enough time for legitimate users to post their stuff but completely blocks automatic spam.