Robert Basic: Honeypot for Zend Framework
Robert Basic has posted an article showing how to detect when an automated spam script has been used to complete and post a Zend_Form form.
I just hacked up a little code snippet based on Matthew’s Honeypot WordPress plugin. It’s basically just a Validator for a Zend Form element which is hidden from the user via CSS. Cause it’s hidden, users won’t see it, but spambots will, well, cause they are bots.
He supplies code for the validator and also shows how it can be used with a text element. Well worth a read and adding to your forms.
Harro responded on 21 Apr 2010 at 1:09 pm #
That works.. putting a fake transparent pixel on all form backgrounds which sets a session variable also works. All Post requests check if the session variable is set or not.
Evan Wired responded on 21 Apr 2010 at 1:25 pm #
Am I missing something? Where’s the link to Robert Basic’s article?
Matthew Weier O'Phinney responded on 21 Apr 2010 at 1:37 pm #
Um… where’s the link to the original blog post?
Matthew Weier O'Phinney responded on 21 Apr 2010 at 1:38 pm #
D’oh, never mind… missed that Robert’s name was linked.
Herman Radtke responded on 21 Apr 2010 at 3:42 pm #
@Harro That works but it causes the app to make another http request. Not ideal.