2017 © Pedro Peláez
 

library stack-honeypot

Sets up a form honeypot for spambots and redirects them to a blank page

image

chh/stack-honeypot

Sets up a form honeypot for spambots and redirects them to a blank page

  • Thursday, January 30, 2014
  • by chh
  • Repository
  • 1 Watchers
  • 18 Stars
  • 180 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 2 Forks
  • 0 Open issues
  • 3 Versions
  • 0 % Grown

The README.md

Stack\Honeypot

A port of Rack::Honeypot to Stack for PHP., (*1)

Install

composer require stack/honey-pot:~1.0

Usage

Wrap your HttpKernelInterface app in an instance of CHH\Stack\Honeypot or add it to your middleware stack., (*2)

With stack/builder:, (*3)

<?php

$options = [];

$app = (new Stack\Builder)
    ->push(CHH\Stack\Honeypot::class, $options)
    ->resolve($app);

Without the builder:, (*4)

$app = new Stack\Honeypot($app, $options);

From Rack::Honeypot:

This middleware acts as a spam trap. It inserts, into every outputted <form>, a text field that a spambot will really want to fill in, but is actually not used by the app. The field is hidden to humans via CSS, and includes a warning label for screenreading software., (*5)

In the <body>:, (*6)

<form>
  <div class='phonetoy'>
    <label for='email'>Don't fill in this field</label>
    <input type='text' name='email' value=''/>
  </div>
[...]

In the <head>:, (*7)

<style type='text/css' media='all'>
  div.phonetoy {
    display:none;
  }
</style>

Then, for incoming requests, the middleware will check if the text field has been set to an unexpected value. If it has, that means a spambot has altered the field, and the spambot is booted to a dead end blank page., (*8)

There are a few options you can pass to the constructor (or to the Stack Builder):, (*9)

  • class_name is the class assigned to the parent div of the honeypot. Defaults to "phonetoy", an anagram of honeypot.
  • label is the warning label displayed to those with CSS disabled. Defaults to "Don't fill in this field".
  • input_name is the name of the form field. Ensure that this is tempting to a spambot if you modify it. Defaults to "email".
  • input_value is the value of the form field that would only be modified by a spambot. Defaults to blank.
  • always_enabled (defaults to true) set to false if you don't want to insert the trap into all responses returned by your app. Just add X-Honeypot: enabled to your response headers to enable the trap for this response.

License

See LICENSE.txt., (*10)

The Versions

30/01 2014

dev-master

9999999-dev

Sets up a form honeypot for spambots and redirects them to a blank page

  Sources   Download

MIT

The Requires

 

The Development Requires

stack

23/01 2014

v1.0.1

1.0.1.0

Sets up a form honeypot for spambots and redirects them to a blank page

  Sources   Download

MIT

The Requires

 

The Development Requires

stack

22/01 2014

v1.0.0

1.0.0.0

Sets up a form honeypot for spambots and redirects them to a blank page

  Sources   Download

MIT

The Requires

 

The Development Requires