stefan's archive

CSS-Spambot-Honey Pot Trap

Okay, a few months have passed since my tiny Mozilla-FireFox-AddOn-review. So it is time again for something useful.

For about one and a half weeks I had been trying to build a CAPTCHA (http://en.wikipedia.org/wiki/CAPTCHA) for my page. However, this – as the timespan indicates – proved to be way more difficult than I thought it would be. The problem with a CAPTCHA is that including one that works without using a standard form mailer (e.g. http://thedemosite.co.uk/phpformmailer/source_code_php_form_mailer_more_secure_than_cgi_form_mailers.php) is quite a thing to do. However, using a form mailer was out of the question for me since I want to store guest book entries in my own database.

Today I hit on something that proved to be the answer to my prayers: the so-called honeytrap. The basic idea is this: spambots, at least simple ones, usually do not read the CSS of your page. They just take your guest book/comment form and fill in whichever text field they find. Now the thing you can do to eliminate spam is this: include a text field that has to remain empty in order for the other comment fields to be stored in the SQL database. This is the theory and it sounds simple, doesn't it? And to some extent it definitely is. The CSS should look like this:


#human {
    visibility: hidden;
    display: none;
}

Piece of cake really.
For a detailed description you should read this: http://klauskjeldsen.dk/2007/07/19/avoid-html-form-spam-using-css/.
I will not include how to put in a text field since, if this blog is interesting for you, you probably already know that.

But that still left me with the same problem I already had trying to put in a CAPTCHA: the PHP code. To be honest, I am terrible with PHP code. I know the basic principles but I am completely clueless as far as particular commands and queries are concerned. Dreamweaver does that for me. Now most people who need this kind of spam protection are familiar with the basics of PHP and therefore they don't bother to give you the PHP query to make this work. I guess it is just too simple for them. Well, it certainly wasn't for me. However, after hours of trying I came up with this:

// Stop here if the hidden "human" field was filled in.
if ($_POST["human"] != "") { die(); }

For real php-heads this might be laughable but for a few people with no clue about coding it might come in handy.

Now a last piece of crucial information is missing: where to put it. The answer is just below this query:

if ((isset($_POST["MM_insert"])) &&
    ($_POST["MM_insert"] == "form1")) {
    // Build the INSERT statement from the submitted form fields.
    $insertSQL = sprintf("INSERT INTO guestbook
        (name, entry, email, hompage) VALUES (%s, %s, %s, %s)",
        GetSQLValueString($_POST['SQL_column_w'], "text"),
        GetSQLValueString($_POST['SQL_column_x'], "text"),
        GetSQLValueString($_POST['SQL_column_y'], "text"),
        GetSQLValueString($_POST['SQL_column_z'], "text"));
    // ... (the rest of the generated insert code follows here)
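
The check and its placement described above, as an added example that is not this blog's own code: the honeypot test runs before anything is written, and a "human" field that is missing or not a plain string is rejected as well. It assumes PHP 7 or later with the pdo_sqlite extension; the function names, the form field names other than "human", and the sample submissions are made up for illustration.

```php
<?php
// Added example, not the blog's code. The field name "human" and the guestbook
// columns come from the post; function names and sample data are constructed.

// True when the submission should be discarded: the CSS-hidden field is
// missing (a browser always sends it), is not a plain string, or has content.
function honeypot_tripped(array $post, string $field = 'human'): bool
{
    if (!array_key_exists($field, $post) || !is_string($post[$field])) {
        return true;
    }
    return trim($post[$field]) !== '';
}

// Run the check first, then store the entry with a prepared statement.
function save_entry(PDO $db, array $post): bool
{
    if (honeypot_tripped($post)) {
        return false; // drop quietly, nothing reaches the database
    }
    $stmt = $db->prepare(
        'INSERT INTO guestbook (name, entry, email, hompage) VALUES (?, ?, ?, ?)'
    );
    return $stmt->execute([
        $post['name'] ?? '', $post['entry'] ?? '',
        $post['email'] ?? '', $post['hompage'] ?? '',
    ]);
}

// Constructed sample submissions, stored in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (name TEXT, entry TEXT, email TEXT, hompage TEXT)');

$samples = [
    'visitor'         => ['name' => 'Anna', 'entry' => 'Nice page!', 'email' => 'anna@example.org', 'hompage' => '', 'human' => ''],
    'field filled in' => ['name' => 'x', 'entry' => 'buy now', 'email' => 'x@example.com', 'hompage' => 'http://example.com', 'human' => 'x'],
    'field missing'   => ['name' => 'y', 'entry' => 'buy now', 'email' => 'y@example.com', 'hompage' => ''],
    'field is array'  => ['name' => 'z', 'entry' => 'buy now', 'email' => 'z@example.com', 'hompage' => '', 'human' => ['x']],
];
foreach ($samples as $label => $post) {
    printf("%-16s %s\n", $label, save_entry($db, $post) ? 'stored' : 'rejected');
}
echo 'rows in guestbook: ', $db->query('SELECT COUNT(*) FROM guestbook')->fetchColumn(), "\n";
```
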

Have fun.
2008-02-15 00:00:00