Honeypot / Spamtrap

[jetsgit]

Jeff,

Great job on the documentation! Really makes a big difference on the time it takes to get a gem working.

Have you considered incorporating a honeypot into spree_contact_us? Or is there one already?

I found a simple one that Cedric Howe has written:

 https://github.com/cedric/spamtrap

...although as a standalone, it requires configuration in views, controller, and environment.rb. So if the code was incorporated into spree_contact_us would make implementing much easier.

Cheers,

Jet

[JDutil]

I don't have support for any honeypot yet, but would like to add one as I've begun receiving some spam through one of my apps contact forms.

Would you be able to submit a pull request integrating one?

I'm not sure which honeypot gem to integrate with at this point. I'd like to look into the various options some more. My concern about the spamtrap one is that it hasn't been updated in over a year, and they note that they need to add tests... Ideally I'd like for the honeypot choice to be a project that is still active and tested or possibly writing a custom implementation just for this extension.

[JDutil]

Theres a honeypot branch now. You could get that a shot if you like. I'm not going to pull into master unless the pull request I have open for rack-honeypot is accepted to fix a bug I encountered though. In the meantime if your using my fork specified in the Gemfile you should be fine.

[jetsgit]

Thanks Jeff,

I'll give it a try after I finish migrating from 1.1.4 to 1.3.2

...really did not want to do that, but I just finished a site when I heard about the security issue. Figured might as well do the upgrade now vs the hack to 1.1.4

Cheers,

Eric

On 01/15/2013 04:36 AM, Jeff Dutil wrote:

Theres a honeypot branch now. You could get that a shot if you like. I'm not going to pull into master unless the pull request I have open for rack-honeypot is accepted to fix a bug I encountered though. In the meantime if your using my fork specified in the Gemfile you should be fine.

— Reply to this email directly or view it on GitHub https://github.com/jdutil/spree_contact_us/issues/10#issuecomment-12264746.

[jetsgit]

Yep, tried honeypot with v.1.3.2 and it's broke.

and in the stack trace noticed something about rack, error was on 'each'

Would send you the dump, but sure you have seen it plenty of times.

Good news is that master fixes an error I was having with 1.3.2-beta.

Cheers,

jet

On 01/15/2013 04:36 AM, Jeff Dutil wrote:

Theres a honeypot branch now. You could get that a shot if you like. I'm not going to pull into master unless the pull request I have open for rack-honeypot is accepted to fix a bug I encountered though. In the meantime if your using my fork specified in the Gemfile you should be fine.

— Reply to this email directly or view it on GitHub https://github.com/jdutil/spree_contact_us/issues/10#issuecomment-12264746.

[JDutil]

Hey yea that is the error I've fixed in my fork of rack-honeypot. It should work for you if you specify in your Gemfile to use my fork until the fix is accepted upstream.

gem 'rack-honeypot', github: 'jdutil/rack-honeypot', branch: 'fix_each_error'