backdrop-contrib / honeypot

Backdrop port of Drupal module. Uses both the honeypot and timestamp methods of deterring spam bots from completing forms on your site.
GNU General Public License v2.0

Protection for user registration form. #14

Closed Graham-72 closed 7 years ago

Graham-72 commented 8 years ago

I am having a problem with the user registration page because spammers are submitting false registrations which Honeypot is detecting and logging, but not preventing the sending of an email response from the system. This is addressed to a fictitious address but is likely to give my server a bad reputation. Is Honeypot not meant to stop the normal email response to a user registration?

To avoid this problem I have now added CAPTCHA to my site, just for the user registration form, but it would be good to know whether this is intended behaviour by Honeypot.

herbdool commented 8 years ago

Have you tested it? The idea of honeypot is that the spambot isn't smart enough and fills in the field hidden to humans. When I test it and manually fill in the hidden field it gives me an error as expected. Perhaps you can test that first.

Graham-72 commented 8 years ago

Yes, I have tested it and it is working. The hidden field is there and Honeypot is adding a log message 'Blocked submission of user_register_form due to submission of the form in less than minimum required time.' But it is not preventing sending of the email 'Thank you for registering at [site:name]. Your application for an account is currently pending approval. Once it has been approved, you will receive another e-mail containing information about how to log in, set your password, and other details.' It would be better not to send this in reply to a suspect registration.
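How the two deterrents discussed above (the hidden field herbdool describes and the minimum-time check in Graham-72's log message) fit together in a Backdrop form, as an added illustration that is not the honeypot module's own code: a hypothetical `mymodule` attaches both to `user_register_form` and rejects the submission in a validation handler, so no submit handler, and therefore no registration e-mail, runs. The module name, the `url_field` name, `MYMODULE_MIN_SECONDS`, and the Backdrop / Drupal 7 Form API calls are assumptions.

```php
<?php
// Added illustration, not code from the honeypot module. Assumes the
// Backdrop / Drupal 7 Form API: hook_form_FORM_ID_alter(), form_set_error(),
// watchdog(), t() and REQUEST_TIME. "mymodule" and "url_field" are made up.

define('MYMODULE_MIN_SECONDS', 5);  // assumed minimum fill-in time

/**
 * Implements hook_form_FORM_ID_alter() for user_register_form.
 */
function mymodule_form_user_register_form_alter(&$form, &$form_state, $form_id) {
  // Honeypot: a field hidden from people; a bot that fills every input sets it.
  $form['url_field'] = array(
    '#type' => 'textfield',
    '#title' => t('Leave this field blank'),
    '#prefix' => '<div style="display:none;">',
    '#suffix' => '</div>',
    '#attributes' => array('autocomplete' => 'off', 'tabindex' => '-1'),
  );
  // Timestamp: when the form was built; bots post back almost instantly.
  // #default_value (not #value) so the posted value reaches the validator.
  // A production module should sign this value, since the client returns it.
  $form['form_build_time'] = array('#type' => 'hidden', '#default_value' => REQUEST_TIME);
  // Validation handlers run before submit handlers, so a failure here stops
  // the account creation and the pending-approval e-mail it would trigger.
  $existing = isset($form['#validate']) ? $form['#validate'] : array();
  $form['#validate'] = array_merge(array('mymodule_register_validate'), $existing);
}

/**
 * Validation handler: reject the submission if either deterrent trips.
 */
function mymodule_register_validate($form, &$form_state) {
  $values = $form_state['values'];
  $reason = NULL;
  if (!empty($values['url_field'])) {
    $reason = 'honeypot field was filled in';
  }
  elseif (!isset($values['form_build_time'])
    || REQUEST_TIME - (int) $values['form_build_time'] < MYMODULE_MIN_SECONDS) {
    $reason = 'form was submitted in less than the minimum required time';
  }
  if ($reason !== NULL) {
    watchdog('mymodule', 'Blocked submission of @form: @reason.',
      array('@form' => $form['#form_id'], '@reason' => $reason), WATCHDOG_WARNING);
    // form_set_error() marks the form invalid; the Form API then skips submit.
    form_set_error('url_field', t('There was a problem with your form submission. Please try again.'));
  }
}
```

If a blocked submission is still followed by an e-mail, the message is being sent from somewhere other than the form's submit handlers, which is the case jenlampton's comment below distinguishes.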

jenlampton commented 7 years ago

Hm, that sounds like validation is not actually failing (allowing the form to submit), or perhaps the email is sent even if validation does fail (which would be a core bug).

Graham-72 commented 7 years ago

I have now retested and there would seem to be no problem. It is working as expected.