or third party vendor...hopefully.
Our forms we've had honeypots installed for at least the last two years, and they are no longer working for us - could be that humans are getting hold of our form since time of day, IP, and inferred country seem to remain the throughout attacks once theyve started, say Saturday at 5pm), until the next round (next saturday at maybe 3pm) - but don't definitely know if it's human or bot.
We are looking for the next steps for form security that hopefully doesnt bring in a paid service and we have developers on hand to help. Google Recaptcha specifcally doesnt work in china and we are a global company, definitely needing this to work in china.
Does anyone have any suggestions for maybe some type of event listener or email verification (that uses an SMTP call or something rather than just validating domain, they come in with legit domains) prior to form submission?
Also, thoughts on standard captchas?