We run an ecommerce website and the site is scanned by Scan Alert for vulnerabilities.

The problem is this: We have a product search tool (form) that is in the header of every displayable page. When Scan Alert does there daily thing, a lot (200+) of invalid searches are done.

Is there a somewhat unobtrusive "CAPTCHA"-like piece of code that can be used where, whenever the search field is populated and then the search button clicked, that a small "enter this code" is required to complete the search. If the wrong code is entered, the screen refreshes without a search.

We have no access to "server side" anything, so it all has to be done in the code on the page. Is this possible? I'm thinking something simple here, like a commonly known answer to a question, such as "The color of grass is?". If the answer is "green" then display results. If not, refresh screen. Keep in mind this code would be on all pages, both SSL-encrypted and non-encrypted pages

We're relative HTML newbies, so I hope this doesn't seem so obviously easy to everyone! :)

Thanks in advance folks.

conehead