3

I have the below for that works well, but is open for spam bots. I want to put in a honeypot, not a captcha. The code below works with the validation for the name, email, message, but I can not get it to work with the honeypot.

Can anyone look at the "honeypot" code and tell me how to fix it?

I would like for the form to give an $success2 = "No Spamming allowed" that acts like the form was submitted, but does not actually submit the form.

Thanks

The Form:

<form id="contactform" action="send2.php" method="post"><div id="success"></div><div id="error"></div>
<label for="name">Name:</label><input type="text" id="name" name="name"/>
<label for="email">Email:</label><input type="text" id="email" name="email"/>
<label for="message">Message:</label><textarea id="message" name="message" rows="12" cols="20"></textarea>
<label id="robot">Are you a robot?</label><input type="text" name="robot" id="robot"> 
<input type="submit" value="Send your message" id="send" />
</form>

The PHP: can be found here: http://goviewmy.com/contact/showcode/

Sorry, but i cannot get the PHP code to post in this question, so I attached a link to it.

Thanks

Funk Forty Niner
  • 73,764
  • 15
  • 63
  • 131
mewebs
  • 505
  • 2
  • 5
  • 11
  • fix it how? You haven't told us how it's broken... – Marc B Jul 29 '13 at 17:16
  • Although I cannot give you an answer to solve your problem, these posts on SO may be of help http://stackoverflow.com/a/9447733/1415724 **and** http://stackoverflow.com/questions/1577918/blocking-comment-spam-without-using-captcha – Funk Forty Niner Jul 29 '13 at 18:22
  • Check out example #6 here, works like a charm for me too http://forums.phpfreaks.com/topic/271026-please-help-a-noob-simple-honeypot/ - just add an `else {...}` in there. – Funk Forty Niner Jul 29 '13 at 18:53
  • @Marc B if you look at the PHP where it says //Test Robot - it works, but form is still submitted, I need the form to not submit, end, if the robots field is filled in - By the way, I will not have it named as robots and it will be hidden - I just used this to show it in this sample – mewebs Jul 30 '13 at 18:06
  • @Fred - Thanks - I have tried timers, but some bots are aware of them. – mewebs Jul 30 '13 at 18:15
  • @user2518599 Hm, well there are more ways to **"out-FOX the fox"** as it were. Any new developments so far? – Funk Forty Niner Jul 30 '13 at 18:21
  • @Fred - None yet - still working in it. The timer I know does not work because I am still getting spam form fills, increased actually. I set time to 3, 5, 10 seconds and they still come in. I am working on a Honeypot that I am going to test out. Will post it if it works. Thanks – mewebs Aug 01 '13 at 16:56
  • @user2518599 Ok, well I would be interested to see what you will have come up with. I'm still researching it also, and will keep you posted, cheers. – Funk Forty Niner Aug 01 '13 at 17:03
  • @user2518599 Just as a quick and dirty way to deny access to the guilty parties. Have you been able to log which ones are doing this, and to block them via `.htaccess`? – Funk Forty Niner Aug 01 '13 at 18:06

1 Answers1

12

Honeypots work best if they have a field name that sounds legit, they should also be hidden using javascript to change the css after the page loads. (Most) bots don't have javascript enabled so they cannot process that this field should not be filled out.

I use something like this:

<div class='req'>
    <label for='website'>Leave blank</label>
    <input type='text' name='website'>
</div>

Hide it with jquery:

$(document).ready(function(){
    $(".req").hide();
});

reject it server side if the field is filled out with something like this

if($_POST['website'] != ''){
    echo "It appears you are a bot!";
}
else{
//process the rest of the form
}
robz228
  • 630
  • 1
  • 4
  • 11