Money Train 4 RTP,Casino no minimum deposit Philippines.Recharge Every day and Get Bonus up-to 50%!

Resolved mbang
(@mikebang)

10 years, 6 months ago

Honeypot has worked great for months and this last week I have been getting spammed a ton on CF7 forms. Any ideas or any updates released to the plugin to stop this? Seems like the bots have caught on…

WP 3.7.3
CF7 3.7.2
HoneyPot 1.6

https://www.ads-software.com/plugins/contact-form-7-honeypot/

Viewing 4 replies - 1 through 4 (of 4 total)

Ryan
(@daobydesign)

10 years, 6 months ago

I’d start by updating WP and CF7, you’re a few versions behind on both. Next, I’d rename my honeypot fields to something more tantalizing to a bot (ie. “website”, “url”, “email” or something along those lines).

Guenni007
(@guenni007)

10 years, 5 months ago

i renamed it to e.g. “age” and i use it with latest WP and CF7.
But in deed i got some SpamMails (perhaps filled out by hand) but i guess they are bot replies. (All E-Mails came from [email protected])
I think for bots the display:none and visibility:hidden infos are bad.
Perhaps you can use the text-indent option and define a column height of 1px.
If i deleted your css rules of display and visibility there is
a text under the column: “Please leave this field empty”?
Is this realy good?
Thanks
Guenni007
(@guenni007)

10 years, 5 months ago
e.g.
```
.age-777-wrap input.wpcf7-form-control.wpcf7-text {
    border: medium none !important;
    height: 0;
    margin: -20px 0 !important;
    padding: 0 !important;
    text-indent: -999999px;
}
```
and the advice in <small>Please leave this field empty</small>
get rid of that.
Ryan
(@daobydesign)

10 years, 4 months ago

Hi Guenni007, all good suggestions that for now I cannot implement*.

You’re right that hidden elements are a flag for bots, and a potential way around a honeypot. The challenge with your CSS proposition is that while common, it’s a hackish way of hiding elements with potential for failure on older browsers as well as the performance issues with forcing a user’s browser to render a box 999999px wide.

The “please leave this field empty” text is an accessibility feature so that if the field does happen to get displayed (ie., CSS doesn’t load, screen readers, etc.) there are human-readable instructions and the form is still operational.

On a single site, both of your suggestions are totally viable solutions for stopping spam, but to assure the widest-level of compatibility (currently 82,000+ downloads of this plugin), I need to consider how to best weigh usability/accessibility with spam protection.

* That said, you’ve got me thinking that maybe I should variable-ize some of these things and thus allow the user to adjust via the form creator interface if they’d like. Look for these features in v1.7. Until then, you might want to look into the Altering the Honeypot Output HTML section on the Installation tab.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Getting spammed a ton lately’ is closed to new replies.