I can do it with PHP but unfortuantely I know next to nothing about Drupal.
The problem is getting the right event to trigger the function that will, for example, return true if the user has posted in the last time interval. Then you could try to display an error yourself - but I cannot help you there.
Back to my original solution, I don't see a big problem with displaying "internal error" messages, especially if all human users are aware of the motive. If someone hits F5 and the time interval is set to 30 seconds it will probably refresh with the comment correctly posted. And it will probably cause a robot to give up it's attack.
Anyway, the trigger could be set as a last line of defense - say it only block posts 10 seconds apart. The good news is that triggers are usually pretty fast. Bad news is there will be an extra select on a large table for every comment posted.
Feel free to contact me if the new captcha fails...
I mentioned this in another thread: would it be possible to set the need of "solving" the CAPTCHA to every 10th (or a random number) post instead of one at the beginning of each session? By doing so the robots might be halted in their spamming.
If it's easy to do it could be a quick fix until your plan works out.
I like the easy question CAPTCHA, though not for every post. The Captcha Riddler module lets you come up with a few different questions to ask and have them rotate. Other easy questions:
Write the word blank in the box below.
In BLF's motto at the top of the page, what meets with flashlight? (variations for meets and flashlight)
one of the things you can do as well is to moderate the new user for an "X" number of posts, allowing them to prove themselves... so captcha's checking their posts before posting... spammers will even find ways around those ... FnF has a unique way... they have to send an email to the owner... then he makes the call whether it is a bot or a human.
Hmm, I'm not counting on the CAPTCHA to be a very effective long term solution. It's basically like washing your hands to avoid sickness. It's important, but there's many other things you have to do to stay healthy.
That wouldn’t slow a spammer down until we can get him. There was a spammer a few minutes ago and we got him after only 2 posts I think.
Without the CAPTCHA on every post he could have been off and running.
I think having it on every post is just a temporary thing anyway. I’m glad to have it until a permanent fix is implemented.
Some people were complaining about it and it shouldn't be necessary for established members. I think right now it is back to once per session plus when you sign up. We'll see if that can keep the spam in check or not. If not, maybe it could be done only for newbies on their first 10 posts or something like that.
Spam is still down from where it was. Maybe new users should get the CAPTCHA their first 10 posts or something. Once a user is okay, they shouldn't have to deal with captchas anymore.