Honeypot Spam Preventer
This is an open discussion with 6 replies, filed under General.
Search
Depending on the method one uses to hide the field, it might still be visible to people who use screen readers. So you might want to add something that indicates they should leave this field blank. Perhaps add something to the label like "fill this out if you are a robot".
In case Pastie kills the code, here it is again for reference:
public function load(){ if(isset($_POST['action']['save-response']) && $_POST['email'] == ""){ return $this->__trigger(); } }
With Symphony events, the fields are generated with the "fields" prefix. ie fields[email]
. Does this throw spam bots off at all? Having the input name on the honeypot field without that prefix? Would they be smart enough to detect the difference and prevent filling it out?
Also, the only real problem I see with changing the real email fields name to something like "address" is that error messages on an unsuccessful submission might not be as clear to the user? This might not be that big of an issue, but a message saying, "Address is required" may raise a few eyebrows?
I am using another solution for a honeypot:
- I have added a Text Input to the section to protect
- I gave it the validation rule /^$/i (which says the field must be empty)
- With the field suppressor extension I am hiding the field
- The input field is hidden by applying the css sytle attributes position: absolute, left: -5000px
- To prevent users from accessing the field with the tab key, I gave it tabindex=-1 which excludes it from the tab order
The input field is hidden by applying the css sytle attributes position: absolute, left: -5000px
Is this proven more beneficial than display: none
? Having the element still on the page, that is.
I'm digging using the suppressor extension though, removes the necessity to manually alter the Event.
Can't tell whether it makes any difference to use display: none
or position: absolute
. I had used the latter to make sure bots don't grasp I have included a honeypot but then I experienced problems with Chrome and Safari (which both still display the field) and I am now applying display: none
with javascript after page loading.
Create an account or sign in to comment.
This is just an informative post for PHP dummies like myself. I read over a lot of the SPAM posts around here and determined that I wanted to make a honeypot field named "email" that spam robots would want to fill out. I didn't find specific directions on how to do this, however. Here's how I did it:
public function load()
code.Would any of the more knowledgable people around here suggest any changes to this method? Hope this is helpful to someone.