I have a form that is being spammed. The website provider forces that form on a page that can't be deleted (a registration page), so I can't suppress that page or the form. I can however add Html to the page.
Adding javascript to disable the submit button won't work because spammer bots don't run javascript.
The website provider offers a captcha plugin for a price. (So now I'm wondering if the provider is spamming the site so I will buy the captcha!)
Is there any way to roll your own non-javascript captcha?
Answer so far: no! fuhgeddaboudit
Most spam prevention is in the form processing script.
If you can't us JS on the front-end to stop spamming, then you need to work on the processing script.
One simple way to cut down some of the spam is to use a Honeypot field which is basically a hidden field that bot try to fill out anyway, and in the processing script you will say something like: if this field is filled out, then don't send the form, else, do send the form.