novafacile / bludit-plugins

Plugins for Bludit CMS - https://bludit-plugins.com | Contact3 - the contact form for Bludit CMS | ImageGallery - the image gallery for Bludit CMS | Online Store Plugin for Bludit
MIT License

Honeypot for spam protection #17

Closed Torsten-K closed 3 years ago

Torsten-K commented 5 years ago

Contact 3 has got some kind of honeypot for spam protection. In plugin.php there’s a hidden, invisible checkbox with the ID `interested`. Unfortunately, I receive spam mails nevertheless (I don’t use the Google captcha).

I am now testing the following: I made the checkbox visible and wrote a text like this: Please tick this box only if you want to send a dubious message or are not a human being at all. (but in German language). I’ll report if this works better. Let’s hope the spambots are stupid enough.

david-novafacile commented 5 years ago

Yes, unfortunately the old Honeypot solution does not work reliably anymore. If you have tested your version, let me know if it's working better.

Torsten-K commented 5 years ago

Unfortunately, I have to say, it makes no difference. My guess is that the bots scan for the word required in the source code of the input fields. I have put this word in quotes now (for the checkbox that a bot should set to checked), so that the word is still there, but no longer represents a statement. Let’s see if this helps. I will keep you informed.

`<input type="checkbox" id="interested" name="interested" size="2" class="form-control" "required">`

I think those common captchas (like Google captcha) are quite user-unfriendly, especially for visually impaired people. I could imagine a solution like the following: A sentence is displayed, and the user is forced to write only the first word (or second or whatever) into an input field, like this: Please enter the second word of the following sentence: My sister loves cookies. PHP could be used to check whether the correct single word was entered. A spambot will probably enter the whole sentence (if it's not too smart).
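The server-side check described in the comment above, combined with the `interested` honeypot, as an added example that is not part of the original thread and not Contact3's code. The function names, the session key `contact_challenge` and the form field `challenge_answer` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: function names, session key and field name "challenge_answer" are hypothetical.

/** Lower-case and strip everything but letters/digits (needs the mbstring extension). */
function normalizeWord(string $w): string
{
    return (string) preg_replace('/[^\p{L}\p{N}]/u', '', mb_strtolower($w));
}

/** Build the question and keep the expected word server-side only. */
function issueChallenge(string $sentence): string
{
    $ordinals = ['first', 'second', 'third', 'fourth'];
    $words    = explode(' ', $sentence);
    $index    = random_int(0, min(count($words), count($ordinals)) - 1);
    // The answer goes into the session, never into a hidden form field.
    $_SESSION['contact_challenge'] = normalizeWord($words[$index]);
    return "Please enter the {$ordinals[$index]} word of the following sentence: {$sentence}";
}

/** True only if the honeypot is untouched and the single word matches. */
function verifySubmission(array $post): bool
{
    if (!empty($post['interested'])) {       // honeypot checkbox was ticked
        return false;
    }
    $expected = $_SESSION['contact_challenge'] ?? '';
    unset($_SESSION['contact_challenge']);   // single use: no replay of a solved answer
    $given = $post['challenge_answer'] ?? '';
    if ($expected === '' || !is_string($given)) {
        return false;
    }
    return hash_equals($expected, normalizeWord($given));
}

// Constructed demo for the CLI (a real form handler would call session_start() first).
if (PHP_SAPI === 'cli') {
    $_SESSION = [];
    issueChallenge('My sister loves cookies.');
    $answer = $_SESSION['contact_challenge'];
    // Human answer typed with different case and a trailing space.
    var_dump(verifySubmission(['challenge_answer' => ucfirst($answer) . ' ']));
    issueChallenge('My sister loves cookies.');
    // Bot pastes the whole sentence into the field.
    var_dump(verifySubmission(['challenge_answer' => 'My sister loves cookies.']));
    // Replay of a correct word after the challenge has been consumed.
    var_dump(verifySubmission(['challenge_answer' => $answer]));
}
```

Keeping the expected word in the session and clearing it on every attempt means a bot cannot read the answer out of the form markup or reuse one solved challenge for many submissions.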

david-novafacile commented 5 years ago

I think I should remove the old simple spam protection. It doesn't work anymore and it only makes trouble, like #20

Maybe it's better to integrate something like you described.

david-novafacile commented 3 years ago

@Torsten-K For the new version I decided against developing my own spam protection or another honey pot solution. To make it really work reliably, I would have to spend quite a lot of time in development and testing just for it. To have an alternative to Google reCaptcha, I integrated hCaptcha. I'm looking at PHP-only captcha solutions for future releases. Unfortunately, it doesn't seem to be that easy to find something good. Either it looks weird to the user or some libraries are needed or development has stopped. If you have a good tip for a good PHP package, please let me know.

Torsten-K commented 3 years ago

hCaptcha is better than Google’s captcha regarding privacy. But it’s terrible for human visitors as well. The pictures are sometimes rarely recognizable, and you have to fill out another captcha and another … I guess everybody hates these things. I have ideas for a better solution, but have not started programming it. Might take some time.

ltguillaume commented 3 years ago

Isn't a simple checkbox with a label "I agree to the terms of conditions as stated here." and a CSS height of 0 a measure that's sufficient for many bots? Couldn't be easier to implement.

david-novafacile commented 3 years ago

> Isn't a simple checkbox with a label "I agree to the terms of conditions as stated here." and a CSS height of 0 a measure that's sufficient for many bots? Couldn't be easier to implement.

Something like this was implemented, and another version was tested by Torsten. It doesn't work anymore. This was the easy solution in the past, but meanwhile bots recognize this trap.

I'm thinking about a simple way to implement Torsten's idea with the sentence...

david-novafacile commented 3 years ago

I implement the idea from @Torsten-K with the logical question.

david-novafacile commented 3 years ago

A logical question as simple spam protection is in the new beta: contact3-v2.1-beta1.

It would be great if one of you could test it. 😃

Torsten-K commented 3 years ago

> A logical question as simple spam protection is in the new beta: contact3-v2.1-beta1.
>
> It would be great if one of you could test it.

Hard times for me at the moment, as my father died last Friday, but I am looking forward to testing it soon.

david-novafacile commented 3 years ago

> Hard times for me at the moment, as my father died last Friday, but I am looking forward to testing it soon.

Oh, I'm sorry to hear that! :( My condolences! No stress, there are really more important things than testing this. I wish you a lot of strength for this time.

david-novafacile commented 3 years ago

Contact3 v2.1.0 with the new spam protection feature is online. Thanks @Torsten-K for the idea with the logical question!