HoneyPot

In computing contexts, a honeypot is a trap set to detect and deflect unauthorized use of a system. On the web, where zombie computers are often used to automatically post spam to web sites, a honeypot field can be a way of filtering illegitimate posts to the site.

In some ways a honeypot is a "reverse captcha". A captcha attempts to prevent illegitimate posts by asking for information that is difficult for an automated system to determine (such as random graphic letters on a busy background). A honeypot takes the opposite approach -- instead of having an input box that must be filled in by a person, we provide a "honeypot" input box that is detectable by robots but invisible to people. If the form is then submitted with a value in the honeypot field, we know that it probably came from an automated robot of some sort and can block the post.

The PmForm module makes it very easy to implement honeypots. There are two basic steps: first, providing an invisible field where the robot can enter a value; second, making sure that the field is empty when the form is submitted.

To generate an invisible input text field, use:

    %comment% (:input text name=honeypot value='':) %% 

The %comment% wikistyle causes the input control that follows to not be displayed by a browser (but the control will still appear in the HTML output of the page).

To make sure the honeypot field is empty when the form is submitted, use:

    (:template requires honeypot match='' errmsg='$[Do not fill in honeypot field]':)

This directive says that the honeypot field coming from a submitted form must be empty, otherwise we generate an error message.

Of course, the field does not have to be called "honeypot" in order for this to work -- any field name can be used. (Some robots may be smart enough to know not to fill in fields with names like "honeypot".)

 0: 00.00 00.00 config start
 1: 00.01 config end
 2: 00.21 MarkupToHTML begin
 3: 00.22 MarkupToHTML end
 4: 00.22 MarkupToHTML begin
 5: 00.23 ReadApprovedUrls SiteAdmin.ApprovedUrls begin
 6: 00.23 ReadApprovedUrls SiteAdmin.ApprovedUrls end
 7: 00.25 MarkupToHTML end
 8: 00.25 MarkupToHTML begin
 9: 00.25 MarkupToHTML end
10: 00.25 now