Login Form "Honey Pot" to Trap Bots

I recently went looking for an email form box script to use on a website and found one that had a "honey pot bot trap". I download the php files, and was reading up on it, I realized that these php files can be used in Login and Join forms, because it spoofs bots into seeing a form field to fill out that people cannot see. When it fills the form field, the php script then prevents the form from being executed. Someone might extend the concept to include a means to log the IP who fails to pass the test.

This could be one way to deal with bots, of which combined with a Captcha test, you have two levels of bot prevention. Anyways, I found this at the PHP Tutorial site.

  • Up vote
    1
    Down vote
  • View
    75
  • More
Replies (3)

    • I suspect this idea might already be used a lot seeing how some captcha's work in determining if a visitor is human.

      • Thanks Dannie!

        You are correct, modern anti-bot tools use similar techniques. While users may think that captcha resolver is the only obstacle, the detection is actually a lot more complex. You may have noticed that some detectors don't even render captcha challenge anymore. Newer tools like Cloudflare Turnstile and Vercel BotID are almost entirely frictionless. Verification methods can be complex and they have to be frequently updated (including honeypots, keystrokes and cursor observers, timing tracking, form honeypots, pseudo elements, pattern matching, etc). We don't recommend using self-hosted captcha tests for that very reason - they don't protect from modern bots, and can in fact be a magnet for bots that seek out more vulnerable systems.

        By the time v15 final is release we will have additional tools in AntiSpam app, most likely with BotID and potentially Turnstile integrations. We're also experimenting with Vercel bot management API in NEO app with the goal to provide it as a integrated metered service for UNA Pro subscribers.

        • Thank you, Andrey, for the insights. Another thing I found I thought was interesting, for an info and help website idea I am uploading, is a long list of banned "bad bots" that I have in an ,htaccess file. I think it has around 1814 bots that are banned. Some of the things you find online are surprising in terms of ideas you can use.

          Login or Join to comment.