the Forum

Reverse Honeypot Captcha

Posted on April 22, 2012 by Michael Rosario
Total Posts: 33  |  Join date: 03-12-11

Honeypot works by having a hidden field in a form. Naturally, a spammer-bot will try to fill in every single field - including our trap - the Honeypot! However, why do I still get spam? Introducing, the Reverse Honeypot Captcha.

First we setup a Honeypot field. Try it out. This might be your first line of defense for a week or so until the spammer figure out your site.

For more information, Phil Haack wrote a nice post about it on his blog: Click here

Second, you fill this field by default.

<input id="NAME" type="text" style="display: none;"  value="I'm a spammer" /> 

By itself, this will trigger honeypot to identify everyone as a spammer. Now, here is the concept for Reverse Honeypot Captcha. We introduce jQuery or plain javascript to remove the value of that field when an actual human being hovers on the submit button.

$('.Button').hover(function()$("#NAME").val(''); },function(){}); 

This jquery bit removes the value from the honeypot field when a user hovers the submit button.

Tags: There are no tags for this entry.

7 answers, add yours below

Posted on on May 31, 2012 at 6:37am
by jaffa

Great.

 

Posted on on June 17, 2012 at 3:49pm
by Stano

Yes great! Thanks Michael for this nice solution. Tested it and it fails, only if user submits the form using tabulator, or by pressing Enter key while on text input. Modified the code a little to avoid this behaviour:

$(document).ready(function(){
 $('form[name="form1"] input').each(function(){ this.setAttribute('tabIndex''-1'); });
 $('form[name="form1"] input[type="submit"]').hover(function(){ this.form.NAME.value='human'},function(){});
 //$('form[name="form1"]').submit(function(){alert(this.NAME.value);});//test
});
[removed]</head>
<body>
<form name="form1">
<input type="text" name="item1">
<input type="text" name="NAME"   value="I'm a spammer" />  
<input type="submit" name="send" value="Send">
</form


 

Posted on on June 17, 2012 at 7:20pm
by Stano

Well, I tried to fix form behaviour when submitting by keyboard, hope I haven't mess it up. One problem is that it still cannot be blocked if submitted pressing spacebar:

$(document).ready(function(){
 $('form[name="form1"] input[type="submit"]').hover(function(){ this.form.NAME.value='human'},function(){});
 $('form[name="form1"]').keypress(function(evt)if (evt.which==13 || (evt.target.type=='submit' && evt.which==32)) return false; else return true});
 //$('form[name="form1"]').submit(function(){ alert(this.NAME.value); return false; });//test
}); 

Imho this captcha is nowadays probably the best way, how to differenciate between bot and human. Maybe also a supplemental message: "Please submit this form using a mouse instead of keyboard to prove that you are human" can do the above task sufficiently. grin

 

Posted on on June 18, 2012 at 3:59am
by Stano

So finally, the above fixes combined, hopefully a good solution:::

$(document).ready(function(){
  $('form[name="form1"] input[type="submit"]').hover(function(){ this.form.NAME.value='human'},function(){});
    $('form[name="form1"]').keypress( function(evt)return !(evt.which==13 && evt.target.type!='textarea'); });
    $('form[name="form1"] input[type="submit"]').attr('tabIndex',-1); // prevent submiting by spacebar (keyCode==32)
}); 

 

Posted on on June 18, 2012 at 8:36am
by Michael Rosario

Hey Stanov, Thanks for improving the code on the post. First, by checking if NAME = "human." Then if a keyboard is pressed and preventing the form from submitting on spacebar. My form SPAM issues on coderrific has certainly improved, but it's only a matter of time til' the Spammers adapt. When that happens, I'll certainly revisit your solution and add it. Thanks again.

 

Posted on on June 18, 2012 at 5:30pm
by Stano

Oh, I am glad it's a bit useful. And Mike, also thanks for highlighting the code. Best regards Stano

 

Posted on on January 18, 2013 at 5:46pm
by Chris

Thanks for info in the article and also to the great comments. Very helpful! One question... instead of a hidden field that remains empty, what about using a decoy "Submit" button? If the decoy "Submit" button was hidden (with JS or CSS) and placed before the real "Submit" button, the bot would click the decoy button first but a human would click the actual button. Still the down side of all these hidden field methods is that they're not very friendly for handicap accessibility.

 
add your answers here
comments powered by Disqus
Add New Thread

Trending Threads

How to create a simultaneous search box using HTML/JavaScript?
Posted on March 13, 2013 by Arnold
2 Replies  |  Add a Reply
CarouFredSel is not loading consistently on page reload.
Posted on April 30, 2013 by Michael Rosario
6 Replies  |  Add a Reply
Removing all eventSources in jQuery FullCalendar plugin
Posted on June 14, 2011 by Michael Rosario
3 Replies  |  Add a Reply
Fancybox 2 is shifting on load
Posted on September 12, 2012 by Michael Rosario
11 Replies  |  Add a Reply
How to get a JSON feed with YouTube and parse using Jquery
Posted on November 2, 2011 by Michael Rosario
1 Reply  |  Add a Reply
I’d like to be able to add Facebook, Twitter, Pinterest, and Instagram feeds to my website
Posted on July 25, 2014 by James
2 Replies  |  Add a Reply
Enable GZIP on Pair.com
Posted on April 4, 2014 by Michael Rosario
2 Replies  |  Add a Reply
How to add email collection popup on my website
Posted on December 1, 2011 by Tony
2 Replies  |  Add a Reply
Issue using mediaelement.js with IE7/8 blank video with sound
Posted on March 16, 2012 by Michael Rosario
3 Replies  |  Add a Reply