
Human friendly SPAM prevention using Honeypot and timestamps

Form SPAM is common with public websites. SPAM bots have been trained to fill out any form they encounter, with common fields such as 'email', 'name', etc.

There are several approaches to dealing with form spam. A common approach is to put up hard-to-read words on the form, called CAPTCHA, and have the user type the letters in a field to prove they are human. This approach is losing its usefulness, as SPAM bots are able to correctly detect the letters sometimes. It also punishes the humans, who have to strain to read the letters. This detracts from usability and diminishes accessibility.

An alternative approach places a hidden field on the form that only SPAM bots can see. When a form is submitted with this field filled in, the software automatically knows it is junk. This field is called a 'honeypot'. The honeypot technique can be combined with other heuristic tests to determine spam-botti-ness, such as a threshold of time taken to fill out a form. For example, the average human may take 30-60 seconds to fill out a form, while a SPAM bot can SPAM the form dozens of times a minute. If the system detects frequent, or very fast, submissions, it can flag the submission as SPAM.
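A server-side sketch of the two checks described above, added here as an illustration and not taken from the Drupal Honeypot module. It goes one step beyond the text by signing the form's render timestamp with an HMAC so a client cannot simply submit an older timestamp; the field names, secret, and thresholds are assumptions.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"replace-with-a-random-server-side-secret"  # assumption: never sent to the client
HONEYPOT_FIELD = "url"   # hypothetical decoy field, hidden from humans with CSS
TOKEN_FIELD = "form_token"  # hypothetical hidden field carrying the signed timestamp
MIN_SECONDS = 5          # assumed threshold; tune to the length of the form
MAX_SECONDS = 3600       # assumed: refuse stale tokens that may have been harvested


def _sign(ts):
    return hmac.new(SECRET_KEY, ts.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Return 'timestamp:signature' to embed in the form when it is rendered."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}:{_sign(ts)}"


def classify(form, now=None):
    """Return 'ok', or the reason the submission is flagged as SPAM."""
    now = time.time() if now is None else now
    # 1. Honeypot: humans never see this field, so any value marks a bot.
    if form.get(HONEYPOT_FIELD, "").strip():
        return "honeypot-filled"
    # 2. The timestamp must be one this server issued (constant-time compare).
    ts, _, sig = form.get(TOKEN_FIELD, "").partition(":")
    valid = ts.isascii() and ts.isdigit() and hmac.compare_digest(
        sig.encode(), _sign(ts).encode())
    if not valid:
        return "bad-token"
    # 3. Time threshold: too fast for a human, or too old to trust.
    elapsed = now - int(ts)
    if elapsed < MIN_SECONDS:
        return "too-fast"
    if elapsed > MAX_SECONDS:
        return "expired"
    return "ok"


if __name__ == "__main__":
    token = issue_token()
    # Constructed sample submissions, both arriving immediately after render.
    print(classify({"name": "bot", "url": "http://spam.example", TOKEN_FIELD: token}))
    print(classify({"name": "bot", "url": "", TOKEN_FIELD: token}))
```

Flagged submissions are best logged with their reason so the thresholds can be tuned against real traffic.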

Drupal has a project, called Honeypot, that provides a non-invasive approach to SPAM detection, using the methods outlined above.
https://drupal.org/project/honeypot
