Question

I'm trying to use this gem to create a honeypot field, but I'm not sure how to implement it. How does the form know which field to make the honeypot and where do I specify the label? Here is the code I've used for the field, however when I run the app the form appears to be visible:

= form_for(:invitation, :url => request_invite_path, :html => {:id => 'login_form', :honeypot => true}) do |form|
      = form.text_field :email, :size => nil
      = form.text_field :honeypot #This field was created to store the honeypot input
      %button{:type => "submit"} Request Invite

This honeypot is being used on a registration form which only asks for email address and then there is the extra honeypot field which is hidden. I currently have an invitation service, so when people input their email, an invitation is created and I can accept or reject it. What I want to do is get rid of the invitation feature, but I figure I can use this invitation feature in conjunction with the honeypot field to stop bots from registering.

Is there a way for me to skip the models and still use the honeypot field to either accept or reject the invitation? I don't actually need to store the honeypot data, but I need to use it to decide whether or not the invitation should be accepted.

So it should work like this:

  1. User gets to landing page
  2. User sees registration form consisting of
    1. email address input box
    2. honeypot field which is hidden
  3. If a bot registers it will fill in the honeypot, so when the invitation is being created I can automatically accept the ones that don't fill out the honeypot and the ones that do will be rejected.

One more thing, how do I test the honeypot field to see if it's working? I want to fill it out and see if my code is doing what it's supposed to.


Solution 2

So from what I get, you have a landing page form in which the user has to enter an email, and there's a honeypot to filter bots.

  1. If you're using that gem, you'll see that you don't need to add the honeypot field to the form yourself. When you implement it with :honeypot => true in the html options, it automatically creates a hidden text field with the appropriate label for accessibility.

  2. If you're using a honeypot for filtering bots, when a bot submits the form to the controller, and has filled out both the email and the honeypot, you just add a before_filter :protect_from_spam. If you want to do anything special in that function you can override its defaults within the controller as well.

  3. You can test it by inspecting the element in the browser (with Firebug on Firefox, for example), simply by changing the CSS display: of the honeypot from none to inline. This way you can fill in that field and see what happens when you do, without actually changing the code.

Other tips

I'm sorry you didn't understand my previous answer; I'll rephrase it.

So from what I get, you have a landing page form in which the user has to enter an email, and there's a honeypot to filter bots.

  1. If you're using that gem, you'll see that you don't need to add the honeypot field to the form yourself. (I don't exactly see the purpose of using a gem for this, but anyway...)

  2. When you do add a text field to the form and want it to be invisible, you need to make it invisible yourself (that's how text fields work).

  3. If you're using a honeypot for filtering bots, when a bot submits the form to the controller, and has filled out both the email and the honeypot, you just add a before_filter :check_honeypot, and in that function check if the honeypot field is either empty or not, and if it's not, well, you have a bot, right? So reject it automatically.

Refer to this one for a tutorial on both client-side and server-side honeypots: Secure Forms and comments from bots using Honeypot
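
The server-side check the answers describe, written in plain Ruby without Rails so it runs on its own (an added example, not code from the original posts or from the gem). The field names mirror the question's form and are assumptions, the request bodies are constructed, and rejecting a body that omits the trap field altogether is a choice made for this example.

```ruby
require 'uri'

# Field names are assumptions: they mirror the question's form_for(:invitation)
# with its :email and :honeypot text fields.
EMAIL_FIELD    = 'invitation[email]'
HONEYPOT_FIELD = 'invitation[honeypot]'

# Screens one raw application/x-www-form-urlencoded request body.
# Returns [:accept, email] or [:reject, reason]; the trap value is never stored.
def screen_invitation(body, require_trap: true)
  pairs = URI.decode_www_form(body.to_s)
  trap_values = pairs.select { |name, _| name == HONEYPOT_FIELD }.map(&:last)
  email = (pairs.assoc(EMAIL_FIELD) || []).last.to_s.strip

  # Any non-blank value in the hidden field means something other than a
  # person using the rendered form filled it in. A repeated key counts too.
  return [:reject, :honeypot_filled] if trap_values.any? { |v| !v.strip.empty? }

  # A browser submits a hidden (display: none) text input as an empty value,
  # so a body without the field was not produced by the form. Treating that
  # as a rejection is this example's choice; pass require_trap: false to skip.
  return [:reject, :honeypot_missing] if require_trap && trap_values.empty?

  return [:reject, :email_missing] if email.empty?
  [:accept, email]
end

# Constructed request bodies (not captured traffic).
SAMPLES = {
  human:       'invitation%5Bemail%5D=ann%40example.com&invitation%5Bhoneypot%5D=',
  bot:         'invitation%5Bemail%5D=x%40example.net&invitation%5Bhoneypot%5D=http%3A%2F%2Fspam.example',
  direct_post: 'invitation%5Bemail%5D=y%40example.org',
  whitespace:  'invitation%5Bemail%5D=z%40example.com&invitation%5Bhoneypot%5D=++'
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |label, body| puts "#{label}: #{screen_invitation(body).inspect}" }
end
```

The `bot` sample is the same body a browser sends after the hidden field is made visible in the inspector and filled in by hand, which is the manual test described in Solution 2.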

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow