@hans2103
Last active June 5, 2023 09:52
Joomla RSForm Honeypot inspired by https://webaim.org/blog/spam_free_accessible_forms/
A small honeypot method to catch spam bots.
Inspired by the blog post at https://webaim.org/blog/spam_free_accessible_forms/
Name: usefulname
Caption: usefulName
<style>
.rsform-block-usefulname{
display:none;
visibility:hidden;
}
</style>
/**
 * https://webaim.org/blog/spam_free_accessible_forms/
 */
$spam = false;

// Detect form elements for the most common header injections and other code
if (preg_match("/bcc:|cc:|multipart|\[url|Content-Type:/i", implode($_POST['form'])))
{
    $spam = true;
}

// Detect more than 3 outgoing links
if (preg_match_all("/<a|https?:/i", implode($_POST['form']), $out) > 3)
{
    $spam = true;
}

// Detect content within a hidden form element
if (!empty($_POST['form']['usefulname']))
{
    $spam = true;
}

// Ensure the form is posted from your server
// (disabled: the Referer header is optional and set by the client)
//if (!(isset($_SERVER['HTTP_REFERER']) && stristr($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST']))) {
//    $spam = true;
//}

// Send spammers somewhere else
if ($spam)
{
    header('Location: https://www.example.com/');
    die;
}
// END Honeypot
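The same three checks as a standalone function, added here as an example and not part of the gist: it flattens nested values before matching (a field posted as an array, such as a checkbox group, makes a bare implode() emit the literal string "Array") and returns which rule fired so rejections can be logged. The function names, reason labels and sample submissions are assumptions constructed for illustration.

```php
<?php
// Added example, not the gist's code. Function names are hypothetical.

/** Flatten a possibly nested form array into one newline-separated string. */
function honeypot_flatten(array $form): string
{
    $parts = [];
    array_walk_recursive($form, function ($value) use (&$parts) {
        if (is_scalar($value)) {
            $parts[] = (string) $value;
        }
    });
    // The newline separator stops a pattern from matching across two fields.
    return implode("\n", $parts);
}

/** Return the rules a submission trips; an empty array means it passed. */
function honeypot_reasons(array $form, string $trap = 'usefulname', int $maxLinks = 3): array
{
    $reasons = [];
    $text = honeypot_flatten($form);

    // Same header-injection patterns as the gist's first check.
    if (preg_match('/bcc:|cc:|multipart|\[url|Content-Type:/i', $text)) {
        $reasons[] = 'header-injection-pattern';
    }
    // Same threshold as the gist: more than 3 links.
    if (preg_match_all('/<a|https?:/i', $text) > $maxLinks) {
        $reasons[] = 'too-many-links';
    }
    // The trap field is hidden by CSS, so a human leaves it empty.
    $trapValue = $form[$trap] ?? '';
    if (is_array($trapValue) || trim((string) $trapValue) !== '') {
        $reasons[] = 'honeypot-filled';
    }
    return $reasons;
}

// Constructed sample submissions (not real traffic).
$samples = [
    'human' => ['name' => 'Ann', 'message' => 'See https://example.org',
                'topics' => ['a', 'b'], 'usefulname' => ''],
    'bot'   => ['name' => 'x', 'message' => "hi\nbcc: a@example.net",
                'usefulname' => 'http://example.net'],
];
foreach ($samples as $label => $form) {
    echo $label, ': ', implode(', ', honeypot_reasons($form)) ?: 'clean', PHP_EOL;
}
```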
@hans2103
Author

@kbrookes fixes applied. Thank you
