BotStop – honeypot technique suggestion

Hi

This BotStop plugin is really needed! Good work. But I hate putting the burden of bots onto the user... it's not their fault, but most types of CAPTCHAs make them complete an extra step to help us out.

I'm thinking, it may be better if this plugin uses a question like this...

Leave this field blank: [_________]

...and then uses CSS to hide the question off of the screen. Any humans completing the form won't fill it in, and any bots will try to submit a fully completed form, so will put something in the box and therefore fail registration.

What do you think?

Paul
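
The honeypot check proposed in the post above, as an added example in Python; it is not code from this thread or from the BotStop plugin. The field name `website_url`, the function names and the choice to reject a request where the honeypot field is missing altogether are assumptions made for illustration.

```python
from html import escape
from urllib.parse import parse_qs

# Hypothetical field name; choose one specific to your own site.
HONEYPOT_FIELD = "website_url"

def render_form(action="/register"):
    """Registration form with a honeypot input moved off-screen by CSS."""
    return f"""<form method="post" action="{escape(action, quote=True)}">
  <label>Username <input name="username"></label>
  <label>Email <input name="email" type="email"></label>
  <div style="position:absolute; left:-9999px" aria-hidden="true">
    <label>Leave this field blank:
      <input name="{HONEYPOT_FIELD}" tabindex="-1" autocomplete="off">
    </label>
  </div>
  <button type="submit">Register</button>
</form>"""

def check_registration(body):
    """Return (accepted, reason) for a urlencoded POST body."""
    # keep_blank_values=True keeps an empty honeypot distinguishable
    # from a honeypot that was never sent at all.
    fields = parse_qs(body, keep_blank_values=True)
    values = fields.get(HONEYPOT_FIELD)
    if values is None:
        # Assumption: the off-screen input is always submitted (empty) by a
        # browser, so a missing field means the form itself was not used.
        return False, "honeypot field missing"
    if any(v.strip() for v in values):
        return False, "honeypot field filled"
    if not fields.get("username", [""])[0].strip():
        return False, "username required"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample submissions: a human, a form-filling bot,
    # and a client that posts only the visible fields.
    samples = [
        "username=alice&email=a%40example.org&website_url=",
        "username=bot&email=b%40example.org&website_url=http%3A%2F%2Fspam.example",
        "username=bot&email=b%40example.org",
    ]
    for body in samples:
        print(check_registration(body), body)
```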

Comments

  • Just use a question that only the kind of users you want can answer, like "what equals MC squared?"

    If people can't answer that then they need to go back to school not a forum ... lol

    But you could modify the plugin to work based on lack of input instead of depending on input. I personally don't like to hide this stuff. People should know what they fill in or not fill in.

  • @nicepaul good idea, but won't you have an increase in human spammers?

  • If it is hidden by css it won't be submitted in the post (if the browser follows the rules correctly). It is effectively not a form field when display:none.

    Although most spam software hasn't got a built-in rendering engine and doesn't do complex analysis, when it is targeted spam, the spammer has already noticed something about the software, so will quickly adapt their program.

    A spam bot saves the spammer time; it doesn't mean they don't tweak it for particular software, and the spammer isn't getting feedback.

    If you are going to take special measures, make it unique to your site, not just vanilla.

    grep is your friend.

Sign In or Register to comment.