Are there ways except CAPTCHAs for web apps like pastie.org or p.ramaze.net? CAPTCHAs take too long for a small paste for my taste.
from wikipedia
A CAPTCHA system is a means of automatically generating new challenges which:
* Current software is unable to solve accurately. * Most humans can solve. * Does not rely on the type of CAPTCHA being new to the attacker.
I my self am really bad at resolving Captchas (at least the image based ones) and to me it feels like the current implementations do not fill the "specification" above. A lot of the widely used implementations can in fact be solved with software. I'm like most humans and I can't solve these... (subjective I know)
I would probably try implement a system where users can mark stuff as spam those would me removed. Yes the spam would be visible but not for long without any input from admin himself.
Come to think of it the reputation and voting system here at SO quite effectively reduces the impact from spam as questions get closed and voted down => lover visibility
I've succesfully used hashcash before.
It requires a javascript enabled browser and delays the post by a few seconds (configurable), but has the advantage of not adding UI complexity.
While hashcash doesn't avoid spam per se, it requires the spammer to waste time computing javascript hashes, which in turns requires that the spammer has javascript enabled (which is quite rare), and that it cannot do more than few spams per minute
Personally, on my blog, I was getting a lot of spam from bots. After analyzing what the spam looked like, I did up some quick regex to detect things like a post full of links, or cases where the subject, comment, and name field were all filled with the same text. I display a nice user friendly message if the post gets blocked. Since I employed this technique, I went from hundreds of spam comments a week to virtually zero. I guess what I'm trying to say, is analyze what kind of spam traffic you are getting, and see if there's an easy way to cut it out, with just some simple analysis, rather than resorting to something like captcha.
You could try Honeypot CAPTCHAs. Essentially, you hide some form fields using CSS. Your users will never fill out the fields because they won't see them, but spam bots who don't support CSS will fill them out. On the server side you just ignore comments/pastes/etc. that have that field filled out.
In addition to honeypots, you can use timestamps and one-time-tokens to stop replay attacks. Here's a discussion of combining the two techniques.
You could try Akismet. It is very good at blocking spam, could be free (depending on your use) and has APIs for numerous web apps.
Your two aren't listed though, so some work would be required to get it to work with them. Is pastie.org rails based? If so, then there is a rails API for Akismet.
What about something like Phil Haacks invisible captcha?