Recent Topics

Adding a honeypot

Started by on Oct 28, 2013 – Contents updated: Feb 06, 2014

Oct 28, 2013 17:37    

I haven't seen anyone doing this in the forums, but I presume someone's tried... I have done a honeypot before but for a manually coded contact form. I don't know where to begin fiddling for b2evolution's comment system or contact form. Anyone have any suggestions?

Oct 30, 2013 23:41

I am already aware of the many plugins available for b2evo, including the captchas and various turing tests. However, I specifically wanted a honey pot as I like the idea of nicer forms for visitors without compromising on security against spam. I currently have a honey pot working on a non-b2evo website and it's doing quite well at keeping the spam at bay. One reason I asked here though is that I, as you point out, don't want to hack the code as much as possible.

PS It is a good idea to not assume things of people. Although I am not often here in the forums, I have been using b2evo for about 6 or 7 years and am smart enough to have attempted a search of the forums before posting, as well as knowing what plugins are available. Nobody has discussed a honey pot before so I thought I would start a discussion on it.

Oct 31, 2013 09:29

You're right @fredsy, I didn't check your profile before to answer, my bad. But, the way how you composed your message didn't give me any sign about your experience working with b2evo.

I guess it's just me, but I can't make a difference ( besides the look&feel ) between the concept of "honey pot" and the b2evo's built-in captcha plugin. Could you share some samples about how do you visualize a honey pot working on b2evo forms? This could be useful to go further and let us to contribute with the idea.

Nov 01, 2013 13:36

That's ok - and to be honest, I'd had a bad day and I kind of over-reacted about it, so my apologies too.

I probably haven't been clear anyway, but when I say honey pot I'm referring to a hidden field in the form. If it's a bot, it will input something into the field, but a normal visitor won't see the field. (The field being hidden by using display:none in css, and the form validation checking for content in the field) I like it because you don't clutter up the page with extra fields, or force the user to spend more time filling it in, or worry about captchas being legible but not so much that a robot can read them. It doesn't reduce the amount of manually inputted spam though, but then neither do any of the other options either.

Basically it doesn't punish the average visitor for what the spammers do, but does punish the spammers by rejecting the comment.

Nov 07, 2013 08:56

All right, I was thinking on "honey pot" as any captcha mechanism.

Is not too difficult to make work a basic honey pot. Please consider I will mention three files and all them are referred to v5.0.6.

/blogs/skins/_item_comment_form.inc.php

PHP

<?php 
    //Honey Pot
    $Form->text_input'newcomment_fancyInputName'''20''''array('maxlength'=>100'style'=>'width: 100%;''id'=>'newcomment_fancyInputName') );
    ?>

/blogs/htsrv/comment_post.php

PHP

$honeypot param'newcomment_fancyInputName''string' ); //TODO: use $dummy_fields

PHP

if( !empty($honeypot) )
{
    $Messages->addT_('Are you human?'), 'error' );
}

/blogs/skins/evopress/style.css

CSS

#ffield_newcomment_fancyInputName,
#newcomment_fancyInputName {
  display: none;
}

Please try and let us know how is it going.

Regards !

Nov 07, 2013 09:00

@fredsy please note that you could add the css code to the /blogs/rss/css/basic.css file instead of directly at the evopress skin, as suggested in my comment above.

Jan 18, 2014 02:21

Thanks, guys, for this thread because I want to replace my Google Recaptcha with Honey Pot as well. They have a good thing going on and it appears to be a very sophisticated system worth trying.

Jan 18, 2014 10:46

Sorry I haven't been back to this thread. I got very busy at the end of the year and for the time being am using a normal recaptcha plugin. I will give this a go in the future though as I hope to implement it on another site.

Feb 03, 2014 06:13

Ok, finally have time to come back to this now. I was all set to try out the suggested code, when I realised that the hack looks like it is for comments, whereas I also want the honey pot to be for contact_msg.form.php. I assume the three hacks go in /skins/contact_msg.form.php, htrsv/message_send.php and the css respectively?

Feb 06, 2014 14:07

I've given up on the honey pot idea. Our wires are getting crossed and I don't have time for unnecessary hacks of the core code especially when I don't know what I'm doing. I have simply added a turing test plugin for the time being.

Feb 06, 2014 19:25

All right, thanks for notify.


Form is loading...

open source blog – This forum is powered by b2evolution CMS, a complete engine for your website.