Ssh honeypot
9/3/2023

I think that the more configuration you add to the elements, the more hints you give to bots and spammers. But I believe that this simple pattern can avoid at least 50% of the spam on your webpage.

Remember: this is just a simple layer to prevent attacks in a simple way. Some technologies can identify even these patterns, so use all the weapons you can against them.

Here is a single-file repo with a simple implementation of this technique:

If names such as "email, phone, etc." are important to your backend, just translate the names using arrays.

When you catch spam, just don't send the data, and do whatever you want with it. If you prefer, you can do this check on the client: in the case of an AJAX form, this avoids using server resources to process useless data (but keep the backend validation anyway).

So, all you have to do is check whether any of your "h o n e y p o t" fields came filled; if so, it's spam. Most bots will fill all these fields without differentiating them.

Verify if any of the "h o n e y p o t" fields came filled.

And our honeypot (don't write "honeypot"; prefer to split the letters to avoid any recognition).

Now we have 2 parts in our form: real fields, with our inputs protected by hashes and strange names (you can implement the hash or strange names as you prefer).

Use simple and common names such as "email, phone, name, etc.", disable autocomplete (so the browser will not fill them in), disable rules, but keep the types. Make your fake inputs as simple, generic and attractive as possible. Important: leave the label empty, and use your 'ohnohoney' class to hide all those fake inputs.

Now a bot can't recognize what these fields are; it just knows that the form has some fields which must be filled, maybe following the "type" as a pattern.

By creating the "h o n e y p o t" fields we will be able to identify the spammer.

Don't use "name-hash" or variations of that; a simple split would expose the real field name.
Commonly I use the pattern "nameHASH", all together.

These fields must have their identifiers changed to hashes. These are the visible fields and the ones which must be relevant to your backend in terms of data.

Don't use "hidden" in the class name; some advanced bots can recognize it.

Important to point out some things now: don't use display:none. Some bots can't access fields with display none; others simply know that they shouldn't fill display none fields.

First we created a class to hide things.
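
A server-side version of the check described above, as an added example that is not from the original post: decoy fields keep the plain names, real fields use the "nameHASH" pattern, and a name map translates them back for the backend. The HMAC-based suffix, the field lists, the secret and the sample submissions are assumptions constructed for illustration.

```javascript
// Added example: server-side honeypot check for the form layout described above.
const crypto = require('crypto');

// Decoy inputs: plain, attractive names, hidden by CSS, left empty by humans.
const HONEYPOT_FIELDS = ['name', 'email', 'phone'];
// Real inputs the backend cares about (hypothetical list for this example).
const REAL_FIELDS = ['name', 'email', 'message'];

// "nameHASH" pattern: real name plus a keyed hash suffix, with no separator.
// HMAC-SHA256 truncated to 8 hex chars is an assumption; any scheme works.
function hashedName(real, secret) {
  const tag = crypto.createHmac('sha256', secret).update(real).digest('hex');
  return real + tag.slice(0, 8);
}

// The "array" that translates rendered names back to backend names.
function nameMap(secret) {
  return new Map(REAL_FIELDS.map((f) => [hashedName(f, secret), f]));
}

// Returns { spam, tripped, data }: spam is true when any decoy arrived filled.
function checkSubmission(body, secret) {
  const tripped = HONEYPOT_FIELDS.filter((f) => {
    const v = body[f];
    // Missing or blank is fine; any other value means a bot filled the decoy.
    return typeof v === 'string' ? v.trim() !== '' : v != null;
  });
  if (tripped.length > 0) return { spam: true, tripped, data: null };

  const data = {};
  for (const [rendered, real] of nameMap(secret)) {
    if (typeof body[rendered] === 'string') data[real] = body[rendered];
  }
  return { spam: false, tripped, data };
}

// Constructed sample submissions: a human leaves the decoys empty, a bot does not.
const SECRET = 'example-secret';
const human = {
  name: '', email: '', phone: '',
  [hashedName('name', SECRET)]: 'Ana',
  [hashedName('email', SECRET)]: 'ana@example.com',
  [hashedName('message', SECRET)]: 'Hello',
};
const bot = { ...human, email: 'bot@example.com', phone: '555-0100' };

console.log(checkSubmission(human, SECRET));
console.log(checkSubmission(bot, SECRET));
```

Keep this check on the backend even when the same test also runs in the browser, since a client-side check can be skipped by anything that posts to the endpoint directly.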