Project

rack-honeypot

0.04
No commit activity in last 3 years
No release in over 3 years
rack-honeypotsunlightlabs/rack-honeypotHomepageDocumentationSource CodeBug TrackerWiki
This middleware acts as a spam trap. It inserts, into every outputted <form>, a text field that a spambot will really want to fill in, but is actually not used by the app. The field is hidden to humans via CSS, and includes a warning label for screenreading software.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
14,020
Stars
97
Forks
11
Watchers
5
 Releases
Current version
0.1.3
Total releases
4
First release
2011-10-05
Latest release
2016-01-26
 Issues
Open Issues
2
Closed Issues
1
Total Issues
3
Issue Closure Rate
33%
 Pull Requests
Open Pull Requests
1
Closed Pull Requests
0
Merged Pull Requests
6
Pull Request Acceptance Rate
85%
 Development
Primary Language
Ruby
Average date of last 50 commits
2011-03-28
Reverse Dependencies
0

 Dependencies

Development

rack-test
>= 0

Runtime

rack
>= 0
unindentable
= 0.0.4
 Project Readme

Honeypot, a Rack Middleware for trapping spambots

Written by Luigi Montanez of Sunlight Labs, with contributions from Luc Castera and Daniel Schierbeck. Copyright 2009-2011.

This middleware acts as a spam trap. It inserts, into every outputted <form>, a text field that a spambot will really want to fill in, but is actually not used by the app. The field is hidden to humans via CSS, and includes a warning label for screenreading software.

In the <body>:

<form>
  <div class='phonetoy'>
    <label for='email'>Don't fill in this field</label>
    <input type='text' name='email' value=''/>
  </div>
[...]

In the <head>:

<style type='text/css' media='all'>
  div.phonetoy {
    display:none;
  }
</style>

Then, for incoming requests, the middleware will check if the text field has been set to an unexpected value. If it has, that means a spambot has altered the field, and the spambot is booted to a dead end blank page.

Dependencies

You will need to install these RubyGems:

Configuration

To use in your Rails app, place honeypot.rb in lib/rack or add rack-honeypot to your Gemfile.

Then in environment.rb:

config.middleware.use "Rack::Honeypot"

That's all there is to it. Fire up your app, View Source on a page with a form, and see the magic.

There are a few options you can pass in:

  • :class_name is the class assigned to the parent div of the honeypot. Defaults to "phonetoy", an anagram of honeypot.
  • :label is the warning label displayed to those with CSS disabled. Defaults to "Don't fill in this field".
  • :input_name is the name of the form field. Ensure that this is tempting to a spambot if you modify it. Defaults to "email".
  • :input_value is the value of the form field that would only be modified by a spambot. Defaults to blank.

If you want to modify the options used, simply do:

config.middleware.use "Rack::Honeypot", :input_name => "firstname"

Tests

To run the tests:

sudo gem install rack-test
cd test
ruby test_honeypot.rb

Props

Based on django-honeypot by James Turk.

Credit to Geoff Buesing for a first stab at this idea in Rack.

See LICENSE.md for proper reuse guidelines.