We've noticed in the last couple of months the honeypot technique you employ in Contour is starting to fail for us and we're now getting a steady stream of junk coming into some of our forms. Looking up the IPs they mostly seem to originate from Russia and Africa.
I looked into the subject a little after noticing you've labeled the hidden field in a way that could make it easy for well written bot to pick it out and ignore it.
I think what might be required here is maybe the creation of a randomizing engine, which obfuscates the form field names on the client side and randomly positions the honeypot field each time the form is loaded.
I do agree that it would be nice to have this changed in the core of Contour but it sounds like something you need to fix in a hurry.
So now you know where to look if you're using a newer version of Contour - And I think you should create feature request on the issue tracker at http://issues.umbraco.org/issues and I'm sure it is something the HQ will take into consideration. And perhaps you can even submit a pull request if you figure out something really nice? :)
That's true - and fortunately it's an easy fix but it's stille going to be planned and a release should be made etc. So simply changing the field-name and id could perhaps be enough.
If you file a report on the tracker I'll be happy to vote it up.
Honeypot technique failing for us in Contour
Hi Tim
We've noticed in the last couple of months the honeypot technique you employ in Contour is starting to fail for us and we're now getting a steady stream of junk coming into some of our forms. Looking up the IPs they mostly seem to originate from Russia and Africa.
I looked into the subject a little after noticing you've labeled the hidden field in a way that could make it easy for well written bot to pick it out and ignore it.
Here's some interesting reading for you.
http://www.smartfile.com/blog/captchas-dont-work-how-to-trick-spam-bots-with-a-smarter-honey-pot/
I think what might be required here is maybe the creation of a randomizing engine, which obfuscates the form field names on the client side and randomly positions the honeypot field each time the form is loaded.
Can you look into this ASAP?
Thanks
Martin
Hi Martin
What version of Umbraco and Contour are you using?
If you're using a newer version of Contour you can actually modify the forms.cshtml yourself - That's probably the quickest option.
I do agree that it would be nice to have this changed in the core of Contour but it sounds like something you need to fix in a hurry.
So now you know where to look if you're using a newer version of Contour - And I think you should create feature request on the issue tracker at http://issues.umbraco.org/issues and I'm sure it is something the HQ will take into consideration. And perhaps you can even submit a pull request if you figure out something really nice? :)
Hope this helps.
/Jan
Hi Jan
Yep, I appreciate I could move the field to a different position, but unfortunately the ID of the field has an all too obvious name!
M.
Hi Martin
That's true - and fortunately it's an easy fix but it's stille going to be planned and a release should be made etc. So simply changing the field-name and id could perhaps be enough.
If you file a report on the tracker I'll be happy to vote it up.
/Jan
Awesome Jan,
http://issues.umbraco.org/issue/CON-537
Thanks
Martin
so, is this issue indeed fixed? and how can i tell if there is a honeypot?
is working on a reply...