[pmwiki-users] PmForm Honeypot at work

Criss Ittermann crisses at kinhost.org
Fri Jun 27 09:27:12 CDT 2014


Just sharing a triumph of PmForm + Honeypot recipe, while pouring over mod_security logs:

The false email form field "Subject" caught this robot.  the Subject field is hidden via CSS.  When PmForm sees content in Subject, the email content is rejected and for accessibility reasons (lynx, screen readers) pmform returns the content to the user with an error asking to re-submit the form and leave Subject blank.  

n=Main.HomePage&action=pmform&target=mailme&Subject=nike+free+run+5.0%0D%0Adb107&email=tosskiyuqi%40sina.com&business=&name=mptupwkb24&position=&phone=123456&url=&interest=Business+Coaching&comments=<a+href%3Dhttp%3A%2F%2Fwww.newcastleradiology.com.au%2Fstylish-nike.html><b>cheap+nike+shoes+online<%2Fb><%2Fa>+<a+href%3Dhttp%3A%2F%2Fwww.pioneerhandcraft.ca%2Fnikeweb.cfm><b>nike+free+run+3<%2Fb><%2Fa>+
[not shown, about 40 more links...]

I highly recommend having email forms on your website using the PmForm & Honeypot recipes. I've used them on dozens of websites and not seen bot spam come through -- but it's cool to see it at work in the logs.

Crisses

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20140627/61996078/attachment.html>


More information about the pmwiki-users mailing list