How to implement a honeypot in q2a to avoid spam and not use recaptcha?

Question

Today I have been talking to a friend. She was using my forum the first time as "normal user". She said "I hate this spam thing, i never know how to write these words, and reload, reload, reload until there is something I can read."

Well, we had once the discussion here and I was kind of pro-reCaptcha which has changed today.

Instead of reCaptcha I plan to just use a simple honeypod method. We add a hidden field to the form, if this got checked, then it is a bot (as many of them check what they can get)...

Question is: How can this be implemented in the current q2a software?

Can we do it using a plugin?

Comments

I guess this is part of the answer to my question: http://www.question2answer.org/qa/13382/could-you-use-the-custom-field-for-a-custom-captcha?show=13383#a13383

However, I need to add an input field to the ask form / answer form / comment form. Question opened: http://www.question2answer.org/qa/28354/how-to-add-input-field-on-ask-form-answer-form-comment-form

-----

*** Premium Plugin "Stop Spam" released at http://www.q2apro.com/plugins/stop-spam

Answer 1

it's pretty simple, add a theme layer with this code:

 

        function doctype(){
            // if it's a page with form
            if ($this->request=='ask' || $this->request=='register' || $this->request=='login'){
                // add checkbox
                $optionfield=array(
                    'id' => 'honeypot',
                    'label' => 'don\'t check me',
                    'tags' => 'NAME="honeypot" ID="honeypot"',
                    'type' => 'checkbox',
                );
                $this->content['form']['fields']['honeypot']=$optionfield;
                // see if we got a bot or not
                if ( qa_post_text('honeypot') )
                    echo 'gotch ya!'; // or redirect to a page with captcha
            }

           qa_html_theme_base::doctype();
        }

Comments

and don't use the name or ID "honeypot". it's a big giveaway. also in your comment you mentioned using JS to add the command element when loading the page, it's a mistake. do everything at server side.

---

Thanks my friend that helps to understand!

However, I need the honeypot-inputfield on each page because the editor is showing up on each question page (for answer or comment). Mhhh... do you think I can just use: if($this->template=='question')

But I wonder, if there are multiple comment forms we need a honeypot for each of them...

---

in question pages add the field to "$this->content['a_form']['fields']" for it's answer form & also in 'c_form' array index's for comment forms inside 'a_list' arrays(with a 'foreach' to include all comment forms for each answer & don't forget the question itself).
also I think we missed something. you can simply register a "captcha" module:
http://www.question2answer.org/modules.php?module=captcha

Answer 2

you should check "$this->request" to see if it's a page with a form. then add a new field to "$this->content['form']['fields']" and check it's value on one of the first layout functions like "doctype()" to see if it's checked and if it is then you should block visitors ip and redirect him/it to a page which he can unblock his ip with a captcha(in case of false positive | that's what google does when it get's suspicius).

there are also better ways to detect a bot, here are those which I remember:

1. use a timer to check the time diffrence of when it load page and when the form was submited. bot's usually don't wait and do it in a second.
2. use JS to check if actually keyboard keys are pressed or mouse is moved.
3. use two checkboxes instead if one. one should randomly be checked and the other unchecked. you can also add the JS to change a third one to see if the form is loaded in a browser rather than in a bot.
4. instead of honeypot check the IP in blacklist or use cloudflare.
5. check it with Akismet database.

also if you want to use a checkbox, make sure the checkbox itself is not hidden with css. instead use JS to remove or hide the element or hide it in an overflow at the end of it's container. spammer bots are smarter than some people(belive me they are).

also use random names and IDs for checkbox. you can show another visible checkbox for real users to check when they are visiting Q2A for the first time.

Comments

Hi, and thanks a lot for this valuabel information.

I already thought of a quite simple thing: I output the submit button with javascript only. As far as I know, bots don't use javascript. I guess, when the submit button is missing, they cannot submit the form?!

---

I am still stuck adding the extra fields by the way: http://www.question2answer.org/qa/28354/how-to-add-input-field-on-ask-form-answer-form-comment-form

---

Never mind, I ended up writing my own captcha: http://www.question2answer.org/modules.php?module=captcha

It was simpler than I thought.

Now I am asking a maths question in words, and the user has to enter the number. As easy as that. Let's see if they can break also maths in foreign languages. If so, I have to come up with another solution... the honeypot!