by ganessh 3288 days ago
In https://mypost.io, the captcha is plain text. Does that actually prevent bots from spamming your service? Have you ever seen any spam?

There are some measures in place that go beyond just the "plain text" you see.

It prevents most bots from getting through, at least automated bots that seek out empty input boxes and add random stuff to them and attempt to hit a submit button. I had tried Google Recaptcha but there were just too many issues with it, for whatever reason, so I had created my own. I'm still experimenting with several different measures for improving the captcha. I've had two attacks since its creation 2 years ago. The spammer was able to create over 5,000 posts in just a few hours.

The first spammer actually emailed me and was pissed off. The entire email was in Russian but it translated into: "Why did you delete all of my posts I created?" Definitely correlated as it was just a few hours after I deleted them that I received that email.

The most recent attack was just a few weeks ago. I added some additional "captures" which seem to have prevented anything further. These pages were also in Russian and basically just linked to random forums all over the Internet. I don't think MyPost has any potential to give "rank" at all, but I'm pretty sure it's being done for backlinks. It may be that the "spammer" is a live person who goes through the source code and actually writes their own code to break through and create posts on MyPost.

The only thing I can keep doing for the time being is learning their methods and implementing new measures to prevent them from getting through, just as they continue to learn mine. There was a Show HN a few days ago that actually encrypted passwords on the client side, so I may look into that code and revise it to work as a captcha.

I implemented a captcha once. There's a Python captcha image generating library I used to create many thousands of 4-digit images, served them with a unique key to reference from the form, and stored the key in Redis for fast lookup.

I'm not saying this was a great or even good solution, but attackers would at least have to do OCR on the image to crack it, as opposed to examining the js on the page.
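A sketch of the key-and-answer lifecycle described in the comment above, added here as an example that is not code from the thread. It stands in for Redis with an in-memory dict, assumes a 120-second challenge lifetime, and leaves image rendering out: the point is that the answer never reaches the browser, each key is single-use, and the comparison is constant-time.

```python
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed stand-in for the Redis store the comment describes:
# key -> (answer, expiry). A real deployment would use SETEX / GETDEL.
_store: Dict[str, Tuple[str, float]] = {}
CHALLENGE_TTL = 120.0  # seconds a challenge stays valid (assumption)


def issue_challenge(now: Optional[float] = None) -> Tuple[str, str]:
    """Create a 4-digit answer and an unguessable key that references it.
    Only the key (plus the rendered image, not shown here) goes to the
    browser; the answer stays server-side, so page JS reveals nothing."""
    now = time.time() if now is None else now
    answer = f"{secrets.randbelow(10_000):04d}"   # zero-padded 0000..9999
    key = secrets.token_urlsafe(16)                # 128-bit random handle
    _store[key] = (answer, now + CHALLENGE_TTL)
    return key, answer   # answer returned only so a renderer can draw it


def verify(key: str, submitted: str, now: Optional[float] = None) -> bool:
    """Single-use check: the key is consumed whether or not the answer is
    right, so one challenge cannot be brute-forced across 10,000 guesses."""
    now = time.time() if now is None else now
    entry = _store.pop(key, None)      # delete-on-read: one attempt per key
    if entry is None:
        return False                   # unknown, replayed, or already-used key
    answer, expires = entry
    if now > expires:
        return False                   # expired challenge
    return hmac.compare_digest(answer.encode(), submitted.strip().encode())
```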

I would certainly consider image-as-captcha, but it is not my favorite method. From my experience of running a website in which I do cater to at least a dozen handicapped readers that I've spoken to personally, some of whom are blind, others who are deaf, others with dyslexia or have trouble reading text, these types of captchas cripple those users.

And while it might seem like -- oh well for them -- having to deal with challenges in the real world is hard enough, and now they'd have to face it on the Internet too? So that is why I am trying to come up with a captcha system that can fool bots, but is human-friendly and not complicated just the same. Google's No-Captcha Recaptcha usually works great and I have used it on other websites, but for some reason, unfortunately on MyPost, it had failed me, either not "seeing" my answer as correct, or just not working as it should.

But I do appreciate your suggestion le-mark.

You could try browser fingerprinting[1] for identification, and as a second measure (if the spam is coming from the same machine) you can at least prevent them from creating further posts.

[1] https://github.com/Valve/fingerprintjs2