I've combined three techniques to eliminate a client's captcha solution.
1. You have to click on a checkbox in order to complete the form.
2. If the form is submitted in under 7 seconds, it asks you to submit it properly
3. If the honeypot has anything in it and the checkbox is unchecked then the submitter is a spammer.
I found an exploit in my own code and am not sure how to add another layer of security. You can click submit over and over if you just wait the required amount of time. Chances are there is enough to discourage using the form for spam, but I want to be thorough.
Anyone out in PHPland have any thoughts?