There's a simple trick that a friend of mine, Sean Rabey, at Pump Interactive showed me which will help you reject submissions from bots.
Sean suggested that I use an input field and then hide it with CSS. Humans entering data into the form won't see the field and therefore won't enter anything into it. Bots on the other hand may try to fill out this field and can't detect whether or not it's visible in the browser. If your "special" field has data in it you can reject the submission since you know it's not a human entering the data.
Here's an example of how you can do this in APEX. You can view an example here: http://apex.oracle.com/pls/apex/f?p=20195:2900
- Create a "Dummy" item
Set "HTML Form Element Attributes" to class="hideMe"
- Configure "hideMe" style
Add the following in your application somewhere (or to a CSS file)
- Add validation to catch bot entries
Validation Expression 1:
WHERE :p2900_dummy IS NULL