Bots seem to have learned the trick to bypass the honeypot field

  • Resolved Flyhead

    (@bukers)


    5 years, 5 months ago

    Hi, we are still getting quite a number of what seem to us bot spams. Maybe there is still the honeypot word in the tag even we have changed the tag name in the name field?

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)

  • Hi !
    Same issue there. I’m using honeypot on a lot of websites since a few years and it’s super effective. But since a few days we have a malicious bot sending crap. I’ve tried to add a second honeypot field without any success.
    From now on I’m lucky because it seems that the ip is still the same. So I’ve banned the ip this morning. But it’s just a temporary solution.
    <hr>
    The website concerned is https://www.moulindelaforge.com/en
    <hr>
    From now the bot don’t use the french version of the website.

    martialspirit

    (@eclecticphilosopherdesigner)

    Yes, same happened to me a month ago Bots seem to have learned to bypass the honeypot.

    I managed to mitigate the issue by renaming the honeypot field to some different field name such as “last-name” or “city”. Some bots seem to be scanning the field named honeypot and filling it, but they will still fall into the trap if you rename the field.

    Hope that helps and also hope that the author enhances this plugin so that the bots have a harder time recognizing the honeypot.

    same here, i renamed the fields to city and hope its working now.
    please update the plugin to have a decent spam solution – it worked well for years so far.

    @telemarker – there’s not much that can be done. As it says in the plugin description, a honeypot is not the be-all-end-all solution to spam. It is meant to seamlessly and easily stop dumb bots. If smart bots (or real spammers) are hitting your forms, a honeypot just isn’t going to cut it.

    If you’ve not tried them already, there are a number of suggestions and tweaks in the forum here that might yield some better results.

    jmp909

    (@jmp909wp)

    @nocean having an hp-message is an easily recognisable element that bots could learn.

    Do you think we could have an option to alter it please? (both the message and the class) or also optionally omit that message entirely

    Since this is currently the same for every installation of this plugin, it’s easy to identify and process with a bot script

    Thanks
    J.

    @jmp909wp – there is a checkbox to remove this message when inserting the shortcode. You can also modify all the HTML outputted by the plugin using filters. For more information, please see the “Altering Honeypot Output HTML” section in the Installation instructions. There are examples on how to do this.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Bots seem to have learned the trick to bypass the honeypot field’ is closed to new replies.