freak3dot
commented
8 years ago The name of the honeypot field is deliberately not obscured. We want the bot to find the honeypot field and fill it in.
Closed cferdinandi closed 8 years ago
freak3dot
commented
8 years ago The name of the honeypot field is deliberately not obscured. We want the bot to find the honeypot field and fill it in.
cferdinandi
commented
8 years ago I get that, but if it's the ONLY field that's not obscured, isn't that too obvious? Or am overestimating the sophistication of bots?
On a related note, since website is not a required field, would it be worth removing that from the list of honeypot field names used?
How do you feel about assigning a random string to the honeypot field name/ID as well? Since it's presently the only field that's not obscured, a bot could theoretically easily pick it out from the list. Most bots are dumb, so this probably isn't a real concern, but since all the mechanisms are in place in the code to support it already, I thought it was worth asking.
I would offer to PR this one, but I'm still a bit unclear on how the code is identifying the honeypot field, so I'm worried I'm mess this one up.