Skip to content
/ spamtrap Public

This is a simple spamtrap to fight spamdexing. You can create bogus form fields (honeypots) that will be filled-in by spambots. When these forms are submitted, the content will be discarded while still returning a 200 response.

github.com/cedric/spamtrap
12 stars 4 forks Branches Tags Activity
Star
Notifications

cedric/spamtrap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits

lib

lib

 
 

test

test

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

Gemfile

Gemfile

 
 

Gemfile.lock

Gemfile.lock

 
 

README.rdoc

README.rdoc

 
 

Rakefile

Rakefile

 
 

spamtrap.gemspec

spamtrap.gemspec

 
 

Repository files navigation

<img src=“https://badge.fury.io/rb/spamtrap.svg” alt=“Gem Version” /> <img src=“https://secure.travis-ci.org/cedric/spamtrap.svg?branch=master” alt=“Build Status” /> <img src=“https://codeclimate.com/github/cedric/spamtrap.svg” />

Spamtrap

This is a simple spamtrap to fight spamdexing. You can create bogus form fields (honeypots) that will be filled-in by spambots. When these forms are submitted, the content will be discarded while still returning a 200 response.

Installation

In Rails 2.3, add the following to your environment.rb:

config.gem 'spamtrap'

In Rails 3+ (or if using Bundler), add the following to your Gemfile:

gem 'spamtrap'

Example

Declare the controller actions you want the spamtrap enabled for:

class CommentsController < ApplicationController
  spamtrap :sarah_palin_walks_with_dinosaurs, only: %i(create update)
end

In your views, add a call to the “spamtrap” form builder to your forms to output the honeypot fields:

- form_for @comment do |f|
  = f.spamtrap :sarah_palin_walks_with_dinosaurs, class: 'reindeer_jerky'
  %fieldset
    = f.label :body
    = f.text_area :body
  = f.submit

Now you just need to hide the spamtrap from your real users by adding this to your CSS:

.reindeer_jerky { display: none; }

The spamtrap mix-in can also take an optional block, where you can do more advance things – like swapping the honeypot with a real form parameter.

To Do

  • Add a cryptographic nonce to prevent replay attacks. It would probably be an MD5 hash consisting of a timestamp, ip address and a secret token. The timeout would be configurable.

  • Consider field name mutation throughout form.

  • Write some tests. Ack!

License

(The MIT License)

Copyright © 2010-2014 Cedric Howe

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the ‘Software’), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED ‘AS IS’, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

About

This is a simple spamtrap to fight spamdexing. You can create bogus form fields (honeypots) that will be filled-in by spambots. When these forms are submitted, the content will be discarded while still returning a 200 response.

github.com/cedric/spamtrap

Resources

Readme
Activity

Stars

12 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

6 tags

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages