This project is read-only.

NoBot Control (demo)

NoBot is a control that prevents CAPTCHA-like bot/spam without user interactions. This approach is easier to bypass than the implementation that requires actual human intervention, but NoBot has the benefit of being completely invisible. NoBot is probably most relevant for low-traffic sites where blog/comment spam is a problem and 100% effectiveness is not required.
NoBot employs a few different anti-bot techniques: * Forcing the client's browser to perform a configurable JavaScript calculation and verifying the result as part of a postback. For example, the calculation may be simple numeric or may involve the DOM for added assurance that a browser is involved * Enforcing a configurable delay between a request sent to a form and the time it can be posted back. For example, a human is unlikely to complete a form in less than two seconds * Enforcing a configurable limit to the number of acceptable requests for each IP address per unit of time. For example, a human is unlikely to submit the same form more than five times in a minute. NoBot can be tested by violating any of the above mentioned techniques: posting back quickly, posting back many times, or disabling JavaScript in the browser.


Name Description
CutoffMaximumInstances Optional maximum number of postbacks to allow by a single IP address within the cutoff window
CutoffWindowSeconds Optional number of seconds specifying the length of the cutoff window that tracks previous postbacks from each IP address
ResponseMinimumDelaySeconds Optional minimum number of seconds before which a response (postback) is considered valid


Clears the user address cache

Returns a copy of the user address cache

Returns whether or not the user is valid
  • state
    • Type: NoBotState
    • Description: NoBot state

Returns whether or not the user is valid


An optional EventHandler providing a custom implementation of the challenge/response code

Last edited Sep 14, 2015 at 11:13 AM by fadilmamedov, version 4