Web Development & Execution
J.P. Berry
by J.P. Berry
share this
« Back to the Blog

Form Submission/Post Honeypots

Form Submission/Post Honeypots

A bot sending SPAM triggered an error on one of our form pages last night. So this morning I thought I'd share... Let's look at the honey pot technique I'm using on some of our projects to thwart SPAM. The basic solution is to have computer bots post forms to one address and real people to another. Using this technique form posted by bots return as false positives, so the bot thinks it has successfully posted a SPAM message and doesn't know any better.

The idea is that once the form is fully validated, you switch the form's action property to one you've defined in an HTML5 data attribute. That way bots that are disabling JavaScript to bypass client-side validation post to an address that exists (you don't want to 404), but doesn't actually do anything server-side. Some of our installations still save the form information to a separate database in the off-chance the human doesn't have JavaScript enabled. I don't send form emails if JavaScript is disabled because there is a 99%+ chance the form post is from a bot.

Here is the basic JavaScript idea in code form:

<form id=”MyForm” action=”postHP” data-action=”myrealPostAddress”>
<input class="”required”" name="”fname”" /”
$("MyForm").validate(function() {
// on success check for a data-action attribute
var realAction = ($(this).data("action");
if(realAction.length > 0) {
$(this).attr("action", realAction);
// Now do an ajax submit or continue your normal POST, GET, etc   

This method works well and can be used with or without CAPTCHA.



Thank you for contacting us!

We'll be in touch!

Back Home ×