Fixed empty UA string error
Added payload to log and filtering; Log and rule files are easier to change
Init commit
On my website I use FormSubmit.io in order to allow readers to get in touch with me without disclosing my email address. Lately I've noticed that despite FormSubmit having some sort of anti-spam measures, I am still getting trash to my email inbox. I figured these must be bots, so I decided to make a somewhat simple honeypot solution to try and address this issue.
Note: Use this code at your own risk. I am currently still testing whether this actually works (it did work in testing) and whether it's effective. If you've got any ideas how it could be improved, let me know!
form.html
is a fairly simple contact form that uses redirector.php
as the action: <form id="contactform" action="/redirector.php" method="POST">
It contains two honeypot fields (in my use-case) of two different types:
type=hidden
field: <input name="email" id="email" type="hidden" value="">
type=text
field that is hidden with CSS: <input name="name" id="name" type="text" autocomplete="off" style="opacity:0;position:absolute;z-index:-1;top:0;left:0;height:0;width:0" tabindex="-1">
redirector.php
checks if the current visitor is already banned from sending forms, bans them if honeypot fields are triggerred, forwards the request to FormSubmit and shows an error message.
formspam.php
contains all the logic.
log.txt
and rules.txt
any way you choose, e.g. placing the files outside of htdocs
.