Lyndi Castrejon

Simple Honeypot to Prevent Spam Submissions

Why Do You Need a Honeypot?

Have you ever wondered why you seem to be getting redundant spam submissions from the same "person"? You're probably experiencing spam bots that are programmed to fill out your forms automatically. The hidden field trick can remedy this with minimal technical knowledge.

How It Works

The technique is incredibly simple; include a hidden field in your contact form (or any other web form, for that matter). The field is invisible to human users but will be detected by spam bots. When the bot fills out this field, your form will reject the submission automatically.

Creating the Honeypot Field

To create a honeypot field, you can add a hidden input field to your contact form. Here's an example of how you might do this in HTML:

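<form action="/submit" method="post">
  <input type="text" name="name" placeholder="Your Name" />
  <input type="email" name="email" placeholder="Your Email" />
  <!-- Honeypot field: a regular text input hidden with CSS, since many bots leave type="hidden" inputs untouched.
       tabindex and autocomplete keep keyboard users and browser autofill out of it. -->
  <input type="text" name="gender" style="display:none" tabindex="-1" autocomplete="off" />
  <button type="submit">Submit</button>
</form>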

In this example, the honeypot field is hidden from human users using the style="display:none" attribute. Spam bots, however, will still see this field and may attempt to fill it out.

Validating the Honeypot Field

To validate the honeypot field, check on the server whether it is empty. If it's not empty, the form submission gets rejected. Here's an example of how you might do this in JavaScript, as an Express route handler:

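const express = require('express')
const app = express()

// Parse URL-encoded form bodies so req.body is populated
app.use(express.urlencoded({ extended: false }))

app.post('/submit', (req, res) => {
  // "gender" is the honeypot field from the form above; humans never fill it in
  if (req.body.gender) {
    // Reject the form submission
    res.status(403).send('Forbidden')
  } else {
    // Process the form submission
    // ...
  }
})

app.listen(3000)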

In this example, if the honeypot field is not empty, the form submission is rejected with a 403 Forbidden status code.
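The check above only looks at whether the field has a value. The following added example (not code from the original post) goes a step further and also flags duplicated parameters and submissions where the honeypot key is absent. The function names, the `missing` outcome and the reject-on-missing policy are assumptions made for illustration.

```javascript
// Added example: classify raw form bodies by the state of the honeypot field.
const HONEYPOT_FIELD = 'gender' // field name from the form on this page

// Returns 'ok', 'filled' (a value was supplied) or 'missing' (key absent).
// Browsers submit the input even when it is empty and hidden, so an absent
// key means the POST did not come from the rendered form.
function checkHoneypot(rawBody, field = HONEYPOT_FIELD) {
  const params = new URLSearchParams(rawBody)
  if (!params.has(field)) return 'missing'
  // getAll() catches duplicated parameters (gender=&gender=1), which get()
  // alone would miss because it returns only the first value.
  const filled = params.getAll(field).some((v) => v !== '')
  return filled ? 'filled' : 'ok'
}

// Policy (assumption): only 'ok' is processed; everything else gets 403.
function statusFor(rawBody) {
  return checkHoneypot(rawBody) === 'ok' ? 200 : 403
}

// Constructed sample submissions, not real traffic.
const samples = {
  human: 'name=Ada&email=ada%40example.com&gender=',
  botFillsAll: 'name=x&email=x%40example.com&gender=male',
  duplicateParam: 'name=x&email=x%40example.com&gender=&gender=1',
  whitespaceOnly: 'name=Ada&email=ada%40example.com&gender=%20',
  directPost: 'name=x&email=x%40example.com',
}

for (const [label, body] of Object.entries(samples)) {
  console.log(label.padEnd(15), checkHoneypot(body), statusFor(body))
}
```

Logging the `filled` and `missing` outcomes separately shows which kind of automated traffic the form is attracting.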

Next Steps

It's ideal to implement this strategy in addition to other security measures to enhance your overall spam prevention. For instance, you can include a puzzle or math problem that only humans can solve. If you want to try more advanced strategies, you might consider implementing a more robust spam prevention solution like Akismet or reCAPTCHA.