Get answers quicker by searching

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

Spambot honeypot
  • @ben :

    Out of the blue, we started getting a ton of spam signups.

    Using Optin Monster for static and lightbox popup hover forms.

    I don't want to force double opt-in, not that that would solve the problem anyway, but is there a simple way to enable a Honeypot that will automatically reject the spam sign up?

    I read this thread: [link]

    And this post: [link]

    I've got this input into OptinMonster:

    <?php     <form action="" method="POST" accept-charset="utf-8">
    <?php   <input type="text" name="name" id="name" placeholder="Name" />
    <?php   <input type="hidden" name="list" value="J01CXkwd389285AYGgS8WepQ"/>
     <?php               <p class="antispam">Leave this empty: 
    <?php   <input type="submit" name="signup" id="signup" value="Submit!" />
    <?php     </form> >
    (without all of the) php at the beginning obviously. I don't know how to get the form to show in Markdown. and this in the CSS:
    html div#om-cviyby1pq9-lightbox .antispam { display:none;}
    However, I'm not sure what to do with this to edit it properly and put it in subscribe.php:
    // if the url field is empty 
    if(isset($_POST['url']) && $_POST['url'] == ''){
         // then send the form to your email
              mail( '', 'Contact Form', print_r($_POST,true) ); 
    // otherwise, let the spammer think that they got their message through
    We'll get back to you as soon as possible

    I assume all I need to do is get that edited and input into subscribe.php to stop the spambots.

    Can you tell me how to edit it please, because we've got a 4mb attachment going with each autoresponder email and they're signing up by the hundreds per day?

  • Vote Up0Vote Down BenBen
    Posts: 3,643Sendy support


    The basic idea of creating a honeypot is to create one text input field that is hidden by CSS so the spambot will fill that up.

    Eg. <input type="text" name="antispam" id="antispam" placeholder="antispam" />

    Hide the above with display: none in your CSS stylesheet.

    In the backend script, check that the $_POST['antispam'] is not empty, if it is not empty, it is a spambot submitting the form, then just exit; the script without further processing.


               if(isset($_POST['antispam'])) exit; 

    Best regards,

  • @Ben, thank you. I know and understand what a honeypot is and does. I just don't understand how to implement it in Optin Monster and Sendy.

    I will incorporate the hidden form field in Optin Monster you referenced. display:none is already set in CSS as per my OP.

    I will add your php of if(asset($_POST['antispam'])) exit;

    Into subscribe.php

    Anything else or will that work?

  • @ben, Don't you mean: input type="hidden" ?

    Also, where am I putting the if(isset($_POST['antispam])) exit; because every time I place it in subscribe.php and then manually subscribe I get the WSOD instead of the "You're Subscribed" page.

  • Vote Up0Vote Down BenBen
    Posts: 3,643Sendy support

    If you use input type="hidden" the spam bot will detect that it's a honey pot. So don't use that. Use CSS to hide it. Spam bots can't check CSS scripts.

This discussion has been closed.
All Discussions