Solving bots registration problem by “reinventing the wheel”

Ever since I launched ImpressKit in 2021 I had issues with spammy bot registrations. Usually at least a few times a month these would be like twenty new user accounts that were obviously bots.

I figured that it just a cost of having product with registration but over the years I got more and more annoyed. It messed up my stats dashboard, I was sending emails to weird addresses and I think I even got complaint from someone saying the did not register after receiving a login confirmation email.

Some months ago I finally had enough and decided to try to tackle this. I did not want to use 3rd party captcha because these are annoying and it is another part that I would need to monitor and possibly update…

But what should I use? After some thinking I arrived at solution that seemed both simple and like it could work. I added required “questionnaire” to the register form asking the prospective user what the project is about. I made sure the correct answer wasn’t the first radio button.

When incorrect option is selected, then the form just redirects to new page explaining that the answer is incorrect and no user account is created.

The results?

I am happy to report that ever since deploying this I did not spot any suspicious new account registration. Even though the “captcha” is super easy to defeat - I don’t think anyone is going to create custom bot behavior for my small project.