today i made a esoTalk plugin called Honeypot, it adds hidden form fields (to a human user invisible) into the signup form, to catch spambots.
I combined three techniques:
- one form field gets hidden with CSS
So how does it works?
If any of this hidden form field has a value, or the security hash gets changed the registration won't work and you become redirected to your startpage. The fields are only visible in the sourcecode (to a bot).
Please notice following:
1. I made it realistic as possible, so i used realistic field names (zipcode / phone / homepage). Pseudo names or names with an prefix will not work so well.
2. I didn't find any esoTalk events who becomes triggered in the signup form. So i had to reimplement the "join" - method and the signup view (join.php) too. If you made any changes in this method or in the view (i hope not), you have to do it again in the Honeypot plugin folder (plugin.php for method and resource/join.php is the view).
Method & view are the same like in the latest esoTalk version, just with some little changes.
If you have problems, just disable Honeypot and esoTalk will use the standard signup method & view again. :)
And of course, this is not a 100% protection! If you have any ideas to my thoughts or improvements, please let me know. Maybe we can make later a better plugin with Honeypot and a regular Captcha (like reCaptcha), i had no time to check the reCaptcha API. :(
You know enough now? Ok then download Honeypot on GithHub .