magento-hackathon / HoneySpam

Spam protection module for customer registration, product review form and contact form.
Open Software License 3.0
102 stars 36 forks

spam bots still coming through #30

Closed dni closed 7 years ago

dni commented 7 years ago

Hi guys, yesterday I installed this extension and I love the idea. The problem is that for me still a lot of spam accounts get created. Any idea what I can do? Everything looks set up correctly; I see the mhhs url in the HTML.

sprankhub commented 7 years ago

Please carefully read https://github.com/magento-hackathon/HoneySpam/issues/25. Play around with the type and the name of the honeypot input field. Type email and name email2 worked great for me.

dni commented 7 years ago

Hi, type=email, name=email2, and similar things don't do the trick for me; the bot seems to notice the honeypot very well.

Any ideas left? Going to switch to captcha as a last resort, don't like it though :(

sprankhub commented 7 years ago

No, then I do not have any other idea :/

You may have a look at Google "invisible" CAPTCHA. It is at least not as annoying as normal CAPTCHAs.

dni commented 7 years ago

I wonder why the bot isn't trapped here. I use honeypots in all my other applications and they work just fine.

sprankhub commented 7 years ago

Three possible reasons I can think of:

  1. Wrong installation.
  2. The bots became smarter.
  3. The other honeypot implementations are better.

    1. How do they hide the honeypot fields? CSS-only, JS-only or both?
    2. What are the types of the input fields of the other applications?
    3. What are the names of the input fields of the other applications?

dni commented 7 years ago

  1. Seems correct; if I fill the field I get a redirect to the spam protection site.
  2. Maybe.
  3. i. I use the default HoneySpam implementation; I think it's this class mhhs which gets display:none; via JS.

     My other applications use a randomly generated input field, which is different every time, like:

     ii, iii. <input autocomplete="off" id="rcktrittsformular-rSfhM5mn1pWy7qP" style="position:absolute; margin:0 0 0 -999em;" tabindex="-1" type="text" name="tx_form_formframework[form][rSfhM5mn1pWy7qP]">

sprankhub commented 7 years ago

Then I have no other idea, sorry.

dni commented 7 years ago

Do you think we can modify it to use an additional random field? Hidden with just CSS? Like in my example?

sprankhub commented 7 years ago

I cannot think of any reason why a random form field should work better.

dni commented 7 years ago

Maybe the bots got smarter, filling out the forms multiple times, looking for the success page, and remembering the fields which are not filled, to get a clue about the honey field.

Which isn't really a hard thing to write for a bot. Random fields would make this approach not really possible. Also, if there are 2 or more fields, the bot wouldn't be able to brute-force find the honey field (at least not as easily as now).

But yeah, pure speculation, trying to think of a reason why my other honeypots are working fine.
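
The idea dni describes in this thread (a honeypot input whose name is different on every render and which is hidden with CSS only), sketched in PHP as an added example; it is not HoneySpam code and not code from either commenter. The function names, the `hp_token` field, `HP_SECRET` and the one-hour lifetime are assumptions, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not HoneySpam code. All names below are hypothetical.
const HP_SECRET  = 'replace-with-a-server-side-secret'; // constructed placeholder
const HP_MAX_AGE = 3600; // seconds a rendered form stays valid (assumption)

// Derive the honeypot field name for one rendered form from its nonce and timestamp.
function hp_field_name(string $nonce, int $issuedAt): string
{
    $mac = hash_hmac('sha256', $nonce . '|' . $issuedAt, HP_SECRET);
    return 'f_' . substr($mac, 0, 16);
}

// Call while rendering the form: emits a token plus a CSS-hidden input with a fresh name.
function hp_render(): string
{
    $nonce    = bin2hex(random_bytes(8)); // 16 hex characters, new on every render
    $issuedAt = time();
    return sprintf(
        '<input type="hidden" name="hp_token" value="%s.%d">' .
        '<input type="text" name="%s" autocomplete="off" tabindex="-1"' .
        ' style="position:absolute; margin:0 0 0 -999em;">',
        $nonce, $issuedAt, hp_field_name($nonce, $issuedAt)
    );
}

// Call on submit: true only if the token is well formed and fresh, and the
// honeypot field derived from it came back present and empty.
function hp_check(array $post, ?int $now = null): bool
{
    $now   = $now ?? time();
    $token = $post['hp_token'] ?? null;
    if (!is_string($token) || !preg_match('/^([0-9a-f]{16})\.(\d{1,10})$/', $token, $m)) {
        return false;
    }
    $issuedAt = (int) $m[2];
    if ($issuedAt > $now || $now - $issuedAt > HP_MAX_AGE) {
        return false;
    }
    // A browser submits the off-screen text input as an empty string;
    // a missing or filled field is treated as a bot.
    $name = hp_field_name($m[1], $issuedAt);
    return isset($post[$name]) && $post[$name] === '';
}
```

A captured token and field name can be replayed until the token expires, and a bot that inspects inline styles can still recognise the off-screen input. The sketch only removes the fixed field name that repeated submissions could learn.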