diff --git a/app/controllers/public/account_controller.rb b/app/controllers/public/account_controller.rb
index 7a4ae21..2a3f81d 100644
--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -56,8 +56,8 @@ class AccountController < ApplicationController
 end
 def signup_time
- set_signup_time_for_now
- render :text => {:ok=>true}.to_json
+ key = set_signup_start_time_for_now
+ render :text => { :ok=>true, :key=>key }.to_json
 end
 # action to register an user to the application
@@ -83,12 +83,12 @@ class AccountController < ApplicationController
 @person.environment = @user.environment
 if request.post?
 if may_be_a_bot
- set_signup_time_for_now
+ set_signup_start_time_for_now
 @block_bot = true
 session[:may_be_a_bot] = true
 else
 if session[:may_be_a_bot]
- return false unless verify_recaptcha :model=>@user, :message=>_('bota o recaptcha manuel!')
+ return false unless verify_recaptcha :model=>@user, :message=>_('Captcha (the human test)')
 end
 @user.signup!
 owner_role = Role.find_by_name('owner')
@@ -112,6 +112,7 @@ class AccountController < ApplicationController
 @person.errors.delete(:user_id)
 render :action => 'signup'
 end
+ clear_signup_start_time
 end
 # action to perform logout from the application
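Review bot: On the `if may_be_a_bot` branch the key that `set_signup_start_time_for_now` now returns is discarded, while the hunk at line 112 runs `clear_signup_start_time` on the same request and deletes the key the form was submitted with, so the re-rendered form can only carry a valid key if the view fetches a fresh one itself — the view is outside this hunk, so confirm; otherwise keep the value with `@signup_time_key = set_signup_start_time_for_now`. Nothing in this hunk resets `session[:may_be_a_bot]`, so once flagged a session is asked for the captcha on every later signup attempt; if that stickiness is intended, a comment such as `# sticky for the session: one too-fast attempt keeps the captcha on` would save the next reader a search. The enclosing `signup` action starts and ends outside the hunk.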
@@ -287,13 +288,33 @@ class AccountController < ApplicationController
 @cannot_redirect = true
 end
- def set_signup_time_for_now
- session[:signup_time] = Time.now
+ def set_signup_start_time_for_now
+ key = 'signup_start_time_' + rand.to_s.split('.')[1]
+ Rails.cache.write key, Time.now
+ key
+ end
+
+ def get_signup_start_time
+ Rails.cache.read params[:signup_time_key]
+ end
+
+ def clear_signup_start_time
+ Rails.cache.delete params[:signup_time_key]
 end
 def may_be_a_bot
- return true if session[:signup_time].nil?
- session[:signup_time] > ( Time.now - 15.seconds )
+ # No minimum signup delay, no bot test.
+ return false if environment.min_signup_delay == 0
+
+ # answering captcha, may be human!
+ return false if params[:recaptcha_response_field]
+
+ # never set signup_time, hi wget!
+ signup_start_time = get_signup_start_time
+ return true if signup_start_time.nil?
+
+ # so fast, so bot.
+ signup_start_time > ( Time.now - environment.min_signup_delay.seconds )
 end
 def check_answer
diff --git a/app/models/environment.rb b/app/models/environment.rb
index 3fa8509..414fbed 100644
--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -233,6 +233,7 @@ class Environment < ActiveRecord::Base
 settings[:message_for_member_invitation] || InviteMember.mail_template
 end
+ settings_items :min_signup_delay, :type => Integer, :default => 25 #seconds
 settings_items :activation_blocked_text, :type => String
 settings_items :message_for_disabled_enterprise, :type => String, :default => _('This enterprise needs to be enabled.')
diff --git a/app/views/account/_signup_form.rhtml b/app/views/account/_signup_form.rhtml
index ad09c4b..35b638f 100644
--- a/app/views/account/_signup_form.rhtml
+++ b/app/views/account/_signup_form.rhtml
@@ -1,10 +1,7 @@
- - <% if @block_bot %> -
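Review bot: `get_signup_start_time` and `clear_signup_start_time` hand `params[:signup_time_key]` straight to `Rails.cache.read`/`Rails.cache.delete`, so the request decides which cache entry is read and evicted, and a non-Time value reaching the `>` in `may_be_a_bot` raises; keep the namespace server-side and pass only the token, e.g. `Rails.cache.delete "signup_start_time_#{params[:signup_time_key]}"`, with `set_signup_start_time_for_now` returning just the token part. That token comes from `rand.to_s.split('.')[1]`, which is neither unpredictable nor collision-resistant; `SecureRandom.hex(16)` is the standard choice. `Rails.cache.write key, Time.now` has no `:expires_in`, so every `/account/signup_time` call that never posts leaves an entry behind (as does the `return false unless verify_recaptcha` path in the signup hunk, which exits before `clear_signup_start_time`); something like `:expires_in => 1.hour` bounds that. Finally, `return false if params[:recaptcha_response_field]` accepts the mere presence of the parameter as proof of a human before anything verifies it, while `verify_recaptcha` only runs when `session[:may_be_a_bot]` is set, so the early return should be limited to that case: `return false if session[:may_be_a_bot] && params[:recaptcha_response_field]`.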
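Review bot: The new `settings_items :min_signup_delay` line documents its unit only as `#seconds`, while the controller treats `0` as "skip the bot check" (visible in the `may_be_a_bot` hunk), which a reader of the model cannot see; replace the trailing comment with `# Minimum seconds between loading the signup form and submitting it; 0 disables the timing-based bot check`. No validation is declared here either, so a negative value would appear to disable the check as well, since `Time.now - delay.seconds` then lies in the future — worth a `>= 0` guard or at least a note.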
- <%=_('How Fast! Looks like you are a bot.')%> +
+ <%=_('How Fast!')%> +

<%=_('Looks like you are a robot. Please, prove that you are human.')%>

<% end %> @@ -14,6 +11,18 @@ <% labelled_form_for :user, @user, :html => { :multipart => true, :id => 'signup-form' } do |f| %> + + + <%= hidden_field_tag :invitation_code, @invitation_code %>
diff --git a/public/stylesheets/application.css b/public/stylesheets/application.css
index e8c733d..066de32 100644
--- a/public/stylesheets/application.css
+++ b/public/stylesheets/application.css
@@ -5636,6 +5636,16 @@ li.profile-activity-item.upload_image .activity-gallery-images-count-1 img {
 /* Signup interface {{{ */
+#bot-notice { border: 3px solid #000; background: #FE0; padding: 5px 10px; font-size: 150%; }
+#bot-notice p { margin: 0px; } + #url-check { margin: 0 0 -5px 0; width: 100%;
diff --git a/test/integration/signup_test.rb b/test/integration/signup_test.rb
index 396b04f..3c1a5ec 100644
--- a/test/integration/signup_test.rb
+++ b/test/integration/signup_test.rb
@@ -7,8 +7,40 @@ class SignupTest < ActionController::IntegrationTest
 ActionController::Integration::Session.any_instance.stubs(:https?).returns(true)
 end
+ # helper
+ def registering_with_bot_test(min_signup_delay, sleep_secs)
+ env = Environment.default
+ env.min_signup_delay = min_signup_delay
+ env.save!
+ get '/account/signup'
+ assert_response :success
+ get '/account/signup_time'
+ assert_response :success
+ data = ActiveSupport::JSON.decode response.body
+ sleep sleep_secs
+ post '/account/signup', :user => { :login => 'someone', :password => 'test', :password_confirmation => 'test', :email => 'someone@example.com' }, :signup_time_key => data['key']
+ assert_response :success
+ end
+
+ def test_signup_form_submition_must_be_blocked_for_fast_bots
+ count = User.count
+ registering_with_bot_test 5, 1
+ assert_template 'signup'
+ assert_equal count, User.count
+ assert_match /you are a robot/, response.body
+ end
+
+ def test_signup_form_submition_must_not_block_after_min_signup_delay
+ count = User.count
+ registering_with_bot_test 1, 2
+ assert_equal count+1, User.count
+ end
+
 def test_should_require_acceptance_of_terms_for_signup
- Environment.default.update_attributes(:terms_of_use => 'You agree to not be annoying.')
+ env = Environment.default
+ env.update_attributes(:terms_of_use => 'You agree to not be annoying.')
+ env.min_signup_delay = 0
+ env.save!
 count = User.count
 mail_count = ActionMailer::Base.deliveries.count
-- 
libgit2 0.21.2
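Review bot: `registering_with_bot_test` crosses `min_signup_delay` with a real `sleep` (one and two seconds), which makes `test_signup_form_submition_must_not_block_after_min_signup_delay` depend on wall-clock timing and adds three seconds to every run; stubbing `Time.now` (the file already uses mocha's `stubs`) or writing an older start time into `Rails.cache` under `data['key']` exercises the same branch deterministically. The "blocked" test also assumes `Rails.cache` persists between requests in the test environment — with a null store `get_signup_start_time` returns nil and the test passes for the wrong reason, so confirm the configured store. Minor: both new test names spell `submition` for `submission`.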