sunlightlabs / rack-honeypot

Description:	Middleware that functions as a spambot trap. Cast spambots off into the abyss. edit
Homepage:	http://sunlightlabs.com edit
Public Clone URL:	git://github.com/sunlightlabs/rack-honeypot.git Give this clone URL to anyone. `git clone git://github.com/sunlightlabs/rack-honeypot.git`
Your Clone URL:	git@github.com:sunlightlabs/rack-honeypot.git Use this clone URL yourself. `git clone git@github.com:sunlightlabs/rack-honeypot.git`

Heredocs were brittle, fixed by using unindentable gem.

djsun (author)

Thu Jul 09 11:52:47 -0700 2009

commit 89b90efeb168202eacab2bf160c05813e381526e
tree b0871e02211c0a24fc967056307b9330294e6a8f
parent 73a827cbf162c5a0cd4fa7d61175705173ca0322

rack-honeypot /

name	age	history message
.gitignore	Wed Jul 08 12:18:06 -0700 2009	Added tests + fixed small issue with env['rack.... [dambalah]
LICENSE.md	Tue Jul 07 08:43:09 -0700 2009	Update docs and license. [luigi]
README.md	Thu Jul 09 11:55:07 -0700 2009	Heredocs were brittle, fixed by using unindenta... [djsun]
honeypot.rb	Thu Jul 09 11:55:07 -0700 2009	Heredocs were brittle, fixed by using unindenta... [djsun]
test/	Thu Jul 09 11:55:07 -0700 2009	Heredocs were brittle, fixed by using unindenta... [djsun]

README.md

Honeypot, a Rack Middleware for trapping spambots

This middleware acts as a spam trap. It inserts, into every outputted <form>, a text field that a spambot will really want to fill in, but is actually not used by the app. The field is hidden to humans via CSS, and includes a warning label for screenreading software.

In the <body>:

<form>
  <div class='phonetoy'>
    <label for='email'>Don't fill in this field</label>
    <input type='text' name='email' value=''/>
  </div>
[...]

In the <head>:

<style type='text/css' media='all'>
  div.phonetoy {
    display:none;
  }
</style>

Then, for incoming requests, the middleware will check if the text field has been set to an unexpected value. If it has, that means a spambot has altered the field, and the spambot is booted to a dead end blank page.

Dependencies

You will need to install these RubyGems:

unindentable: http://github.com/sunlightlabs/ruby-unindentable/tree/master
rack-test: http://github.com/brynary/rack-test/tree/master

Configuration

To use in your Rails app, place honeypot.rb in lib/rack.

Then in environment.rb:

config.middleware.use "Rack::Honeypot"

That's all there is to it. Fire up your app, View Source on a page with a form, and see the magic.

There are a few options you can pass in:

:class_name is the class assigned to the parent div of the honeypot. Defaults to "phonetoy", an anagram of honeypot.
:label is the warning label displayed to those with CSS disabled. Defaults to "Don't fill in this field".
:input_name is the name of the form field. Ensure that this is tempting to a spambot if you modify it. Defaults to "email".
:input_value is the value of the form field that would only be modified by a spambot. Defaults to blank.

If you want to modify the options used, simply do:

config.middleware.use "Rack::Honeypot", :input_name => "firstname"

Tests

To run the tests:

sudo gem install rack-test
cd test
ruby test_honeypot.rb

Props

Based on django-honeypot by James Turk.

Credit to Geoff Buesing for a first stab at this idea in Rack.

See LICENSE.md for proper reuse guidelines.