By "honeypot", I mean more or less this practice:
```html
<!-- Register form -->
<style>
    .hideme {
        display: none;
        visibility: hidden;
    }
</style>
<form action="register.php" method="post">
    Your email: <input type="text" name="u-email" />
    Choose a password: <input type="password" name="passwd" />
    <div class="hideme">
        Please, leave this field blank: <input type="text" name="email" />
        <!-- the comment is for text-browser users -->
    </div>
    <input type="submit" value="Register" autocomplete="off" />
</form>
```

```php
<?php
// register.php
// The hidden "email" field is the honeypot: a human never sees it and leaves it empty.
if (($_POST['email'] ?? '') !== '') {
    die("You spammer!");
}
// otherwise, do the form validation and go on.
?>
```
more info here.
Obviously, the real fields are named with random hashes, and the honeypot fields can have different names (email, user, website, homepage, etc.) that a spambot usually fills in.
I love this technique because it doesn't cause the user to be annoyed by CAPTCHA.
Do any of you have some experience with this technique? Is it effective?
Just like a real honeypot attracts bears, email honeypot traps attract and catch spambots in the act. Once a bot falls into your trap, you can use the information you receive about the spammer or bot (i.e. their IP address) to block that user and prevent further spam.
Honeypot, as the name suggests, is a “trap” that is designed to lure bots and computer programs into accidentally revealing their identities. The idea is to provide something that is going to attract the bot, the “honey”, which is invisible or hidden from legitimate human users.
Honeypots are inactive email addresses set up specifically as a tool to catch spammers red-handed as these emails are not used by real people and therefore never opted-in to any email campaigns. As a result, any mailer that sends to these addresses can be dubbed a spammer.
A honeypot is a network-attached system set up as a decoy to lure cyber attackers and detect, deflect and study hacking attempts to gain unauthorized access to information systems.
Old question, but I thought I'd chime in, as I've been maintaining a module for Drupal (Honeypot), which uses the Honeypot spam prevention method alongside a time-based protection (users can't submit a form in less than X seconds, and X increases exponentially with each consecutive failed submission). Using these two methods, I have heard of many, many sites (examples) that have eliminated almost all automated spam.
I have had better success with Honeypot + timestamp than I have with any CAPTCHA-based solution, because not only am I blocking most spammers, I'm also not punishing my users.
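The honeypot-plus-timer combination described in the answer above, as an added example that is not part of the original answer and is not the Drupal Honeypot module's code. The field names, the constants and the HMAC-signed render timestamp are assumptions made for illustration.

```php
<?php
// Added example: honeypot field plus a signed render timestamp whose minimum
// age doubles with each consecutive failed submission. All names are assumed.
const HP_FIELD  = 'homepage'; // decoy input, hidden from humans with CSS
const BASE_WAIT = 5;          // seconds a human needs at minimum (assumed)
const MAX_WAIT  = 1800;       // cap on the growing wait
const MAX_AGE   = 7200;       // stale tokens are rejected to limit replay

// Minimum seconds between rendering and submitting, after $failures rejections.
function min_wait(int $failures): int {
    return (int) min(MAX_WAIT, BASE_WAIT * 2 ** max(0, $failures));
}

// Value for a hidden "hp_token" field, issued when the form is rendered.
function issue_token(string $key, int $now): string {
    return $now . '.' . hash_hmac('sha256', (string) $now, $key);
}

// Returns null to accept, or the reason for rejecting. The caller tracks
// $failures per client (session or IP) and increments it on every rejection.
function check_submission(array $post, string $key, int $failures, int $now): ?string {
    if (($post[HP_FIELD] ?? '') !== '') {
        return 'honeypot filled';
    }
    $token = $post['hp_token'] ?? '';
    $parts = is_string($token) ? explode('.', $token, 2) : [];
    if (count($parts) !== 2 || !ctype_digit($parts[0])
        || !hash_equals(hash_hmac('sha256', $parts[0], $key), $parts[1])) {
        return 'bad token';
    }
    $age = $now - (int) $parts[0];
    if ($age > MAX_AGE) {
        return 'token expired';
    }
    return $age < min_wait($failures) ? 'too fast' : null;
}

// Constructed demo data: a fixed clock and a throwaway key.
$key = 'constructed-demo-key';
$t0  = 1700000000;
$tok = issue_token($key, $t0);
$cases = [
    'human, 20 s'           => [['hp_token' => $tok, HP_FIELD => ''], 0, 20],
    'bot fills decoy'       => [['hp_token' => $tok, HP_FIELD => 'http://x.example'], 0, 20],
    '20 s after 3 failures' => [['hp_token' => $tok], 3, 20],
    'forged timestamp'      => [['hp_token' => ($t0 - 600) . '.deadbeef'], 0, 20],
];
foreach ($cases as $name => [$post, $failures, $delay]) {
    echo $name, ': ', check_submission($post, $key, $failures, $t0 + $delay) ?? 'accepted', "\n";
}
```

Signing the timestamp matters because an unsigned hidden timestamp can simply be backdated by the client, which defeats the time check.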
With the technique below, I block 100% of spam.
Denying access by IP address is very effective because bots keep trying to sneak in with the same IPs (if they change IP, then I put that new IP in htaccess, so no problem). I trim the .htaccess file daily with crontab automatically so the file won't get too big. I adjust the number of IPs to block so the same bot with the same IP will be blocked for about a week or so. I noticed that the same IP is used by a bot for 3 days, attacking several times.
The first #1 trick blocks about 99% and #2 blocks about 1% and the bot won't go through those 2 so #3 might not be necessary.