[Pro] Form honeypot fields and spam traps

The client for this website is getting a lot of spam, and I am trying to work out why. The form on the example page below is generated via the ‘PHP Feedback Form’ action — excellent in making handling forms straightforward and easy.

I could use the Freeway ‘Send Form’ action and insert a reCAPTCHA, but the idea of a hidden field is simpler and easier to deal with for both myself and genuine website users.

A few questions spring to mind:
Is the spam trap incorporated into ‘PHP Feedback Form’ action still relevant to todays threats? Is the code for it executing properly on my client’s site? It would appear so.
Are form-filling sweatshops becoming so prevalent that this type of trap is becoming less and less effective?

Any comment or guidance on this would be most welcome.

https://www.englishgold.com/contact-englishgold.php


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

I had a similar problem and gave up. Here’s the thread about it from last fall.

https://freewaytalk.softpress.com/thread/view/175428


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

Hi Joe — I spotted the thread before posting, and mulling those responses together with more thought about how you might tackle things leads me to similar pessimism. You have the fundamental incompatible natures of trying to thwart input not wanted whilst making it easy for people to contact you. You can choose one or the other it seems.

I was perhaps forlornly hoping that there may still be a way through this!

Ian


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

I think part of the reason these simple options don’t really work any more
is the higher availability of processing power and libraries that do
things. With various libraries designed for doing nice, happy things, it’s
very easy these days to write a tool that will load a page in the same way
a browser does and inspect the DOM, the state of the page after load, to
find form fields that would be visible on screen or find text that is
visually near a form field.

Whatever solution there is to this kind of problem, it’s inevitably a
back-and-forth of spammers getting around it, using a new solution, getting
around that and so on. The reason reCAPTCHA (generally) works so well is
that Google have the resources to be constantly engaging in that battle and
you never have to see it.

I would have liked to use reCAPTCHA v3 in the Send Form Action, which
doesn’t require a visitor to do anything when submitting the form, but
unfortunately using that is much more involved than v2 Checkbox and would
have needed more time than I could put to it.

Simon

On Thu, Jun 13, 2019 at 11:26 AM Ian Halstead email@hidden wrote:

Hi Joe — I spotted the thread before posting, and mulling those responses
together with more thought about how you might tackle things leads me to
similar pessimism. You have the fundamental incompatible natures of trying
to thwart input not wanted whilst making it easy for people to contact you.
You can choose one or the other it seems.

I was perhaps forlornly hoping that there may still be a way through this!

Ian


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options