{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 再贱就再见 的问题《How effective is the honeypot technique against sp》','https://www.manongdao.com/q-77641.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
By "honeypot", I mean more or less this practice:
#Register form
<style>
.hideme{
display:none;
visibility: hidden;
}
</style>
<form action="register.php">
Your email: <input type="text" name="u-email" />
Choose a password: <input type="text" name="passwd" />
<div class="hideme">
Please, leave this field blank: <input type="text" name="email" /> #the comment is for text-browser users
</div>
<input type="submit" value="Register" autocomplete=off />
</form>
//register.php
<?php
if($_POST['email'] != ''){
die("You spammer!");
}
//otherwise, do the form validation and go on.
?>
more info here.
Obviously the real fields are named with random hashes, and the honeypot fields can have different names (email, user, website, homepage, etc..) that a spambot usually fills in.
I love this technique because it doesn't cause the user to be annoyed by CAPTCHA.
Does anyone of you have some experience with this technique? Is it effective?
It works relatively well, however, if the bot creator caters to your page they will see that (or even have a routine setup to check) and will most likely modify their bot accordingly.
My preference is to use reCaptcha. But the above will stop some bots.
With below technique, I block 100% of spams.
Deny access with IP address is very effective because bots keep trying to sneak in with same IPs (if they change IP then I put that new IP on htaccess so no problem). I trim .htaccess file daily with crontab automatically so the file won't be too big. I adjust the number of IP to block so same bot with same IP will be blocked for about a week or so. I noticed that same IP is used by bot for 3 days attacking several times.
The first #1 trick blocks about 99% and #2 blocks about 1% and the bot won't go through those 2 so #3 might not be necessary.
Old question, but I thought I'd chime in, as I've been maintaining a module for Drupal (Honeypot), which uses the Honeypot spam prevention method alongside a time-based protection (users can't submit form in less than X seconds, and X increases exponentially with each consecutive failed submission). Using these two methods, I have heard of many, many sites (examples) that have eliminated almost all automated spam.
I have had better success with Honeypot + timestamp than I have with any CAPTCHA-based solution, because not only am I blocking most spammers, I'm also not punishing my users.