Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Martin Griffiths 826 posts 1269 karma points c-trib
    Mar 28, 2014 @ 17:07
    Martin Griffiths
    0

    Honeypot technique failing for us in Contour

    Hi Tim

    We've noticed in the last couple of months the honeypot technique you employ in Contour is starting to fail for us and we're now getting a steady stream of junk coming into some of our forms. Looking up the IPs they mostly seem to originate from Russia and Africa.

    I looked into the subject a little after noticing you've labeled the hidden field in a way that could make it easy for well written bot to pick it out and ignore it.

    Here's some interesting reading for you.

    http://www.smartfile.com/blog/captchas-dont-work-how-to-trick-spam-bots-with-a-smarter-honey-pot/

    I think what might be required here is maybe the creation of a randomizing engine, which obfuscates the form field names on the client side and randomly positions the honeypot field each time the form is loaded.

    Can you look into this ASAP?

    Thanks

    Martin

  • Jan Skovgaard 11280 posts 23678 karma points MVP 10x admin c-trib
    Mar 28, 2014 @ 17:20
    Jan Skovgaard
    0

    Hi Martin

    What version of Umbraco and Contour are you using?

    If you're using a newer version of Contour you can actually modify the forms.cshtml yourself - That's probably the quickest option.

    I do agree that it would be nice to have this changed in the core of Contour but it sounds like something you need to fix in a hurry.

    So now you know where to look if you're using a newer version of Contour - And I think you should create feature request on the issue tracker at http://issues.umbraco.org/issues and I'm sure it is something the HQ will take into consideration. And perhaps you can even submit a pull request if you figure out something really nice? :)

    Hope this helps.

    /Jan

  • Martin Griffiths 826 posts 1269 karma points c-trib
    Mar 28, 2014 @ 17:37
    Martin Griffiths
    0

    Hi Jan

    Yep, I appreciate I could move the field to a different position, but unfortunately the ID of the field has an all too obvious name!

    M.

  • Jan Skovgaard 11280 posts 23678 karma points MVP 10x admin c-trib
    Mar 28, 2014 @ 17:42
    Jan Skovgaard
    0

    Hi Martin

    That's true - and fortunately it's an easy fix but it's stille going to be planned and a release should be made etc. So simply changing the field-name and id could perhaps be enough.

    If you file a report on the tracker I'll be happy to vote it up.

    /Jan

  • Martin Griffiths 826 posts 1269 karma points c-trib
    Mar 28, 2014 @ 17:45
    Martin Griffiths
    0

    Awesome Jan, 

    http://issues.umbraco.org/issue/CON-537

    Thanks

    Martin

  • bob baty-barr 1180 posts 1294 karma points MVP
    May 18, 2015 @ 19:08
    bob baty-barr
    0

    so, is this issue indeed fixed? and how can i tell if there is a honeypot?

Please Sign in or register to post replies

Write your reply to:

Draft