Skip to content

Spambot honeypot

edited August 2015 in Questions

@ben :

Out of the blue, we started getting a ton of spam signups.

Using Optin Monster for static and lightbox popup hover forms.

I don't want to force double opt-in, not that that would solve the problem anyway, but is there a simple way to enable a Honeypot that will automatically reject the spam sign up?

I read this thread: [link] https://sendy.co/forum/discussion/161/lots-of-spam-signups-on-double-opt-in-list/p1

And this post: [link] http://nfriedly.com/techblog/2009/11/how-to-build-a-spam-free-contact-forms-without-captchas/

I've got this input into OptinMonster:


<?php     <form action="http://aircargo.io/subscribe" method="POST" accept-charset="utf-8">
<?php   <input type="text" name="name" id="name" placeholder="Name" />
<?php   <input type="hidden" name="list" value="J01CXkwd389285AYGgS8WepQ"/>

 <?php               <p class="antispam">Leave this empty: 

<?php   <input type="submit" name="signup" id="signup" value="Submit!" />
<?php     </form> >
(without all of the) php at the beginning obviously. I don't know how to get the form to show in Markdown. and this in the CSS:
html div#om-cviyby1pq9-lightbox .antispam { display:none;}
However, I'm not sure what to do with this to edit it properly and put it in subscribe.php:
<?php 
// if the url field is empty 
if(isset($_POST['url']) && $_POST['url'] == ''){
     // then send the form to your email
          mail( 'you@yoursite.com', 'Contact Form', print_r($_POST,true) ); 
} 
// otherwise, let the spammer think that they got their message through
?>

Thanks

We'll get back to you as soon as possible

I assume all I need to do is get that edited and input into subscribe.php to stop the spambots.

Can you tell me how to edit it please, because we've got a 4mb attachment going with each autoresponder email and they're signing up by the hundreds per day?

Comments

  • Hi,

    The basic idea of creating a honeypot is to create one text input field that is hidden by CSS so the spambot will fill that up.

    Eg. <input type="text" name="antispam" id="antispam" placeholder="antispam" />

    Hide the above with display: none in your CSS stylesheet.

    In the backend script, check that the $_POST['antispam'] is not empty, if it is not empty, it is a spambot submitting the form, then just exit; the script without further processing.

    Eg.

     <?php  
               if(isset($_POST['antispam'])) exit; 
     ?>
    

    Best regards,
    Ben

  • @Ben, thank you. I know and understand what a honeypot is and does. I just don't understand how to implement it in Optin Monster and Sendy.

    I will incorporate the hidden form field in Optin Monster you referenced.
    display:none is already set in CSS as per my OP.

    I will add your php of if(asset($_POST['antispam'])) exit;

    Into subscribe.php

    Anything else or will that work?

  • @ben, Don't you mean: input type="hidden" ?

    Also, where am I putting the if(isset($_POST['antispam])) exit; because every time I place it in subscribe.php and then manually subscribe I get the WSOD instead of the "You're Subscribed" page.

  • If you use input type="hidden" the spam bot will detect that it's a honey pot. So don't use that. Use CSS to hide it. Spam bots can't check CSS scripts.

This discussion has been closed.