Honeypot

Picture of a honeypotHoneypot is a Drupal module that addresses the problem of automatic/robot submissions of forms (both Contact and webform) on websites; in other words SPAM.  While it can be used alone, we like to use it in conjunction with Mollom as sort of a belt and suspenders way to combat spam.

Honeypot works solely on the website server itself; it does not require communication with another service, e.g., Mollom, and it doesn't require that the site visitor do anything, e.g., answer some form of challenge/captcha.

Honeypot uses two techniques to identify robotic submissions:

  • First, it adds a hidden input field to the form.  Since the field is hidden, legitimate site visitors, humans, don't see the field and therefore can't enter any text.  Conversely, robots will see the field, which is made a little more attractive by a tempting field name, and will enter text.  The module checks for any submitted data in the hidden field and immediately discards the form since it obviously wasn't submitted by a person.
  • Second, it looks at how much time has elapsed between when the form was displayed to the visitor and when the from is submitted.  People are slow when compared to 'bots.  A person can't read a form, enter meaningful data, and submit the form in a short time, like 5 or 10 seconds.  If the form is returned before a short threshold then it must have been robotically processed.

The instruction path for Honeypot is relatively short which results in minimal server overhead (actually a reduction since the form submission path is much longer).  Honeypot has no usage limits.  It can be invoked as many times as necessary.