TIP: Use Markdown or, <pre> for multi line code blocks / <code> for inline code.
These forums are read-only and for archival purposes only!
Please join our new forums at discourse.kohanaframework.org
Kohana Honeypot module
  • Honeypot Security Module For Kohana Framework


    This is a Security Module for the Kohana Framework. Its a good replacement for Captcha. To install this module, download the zip, and then unzip into the Kohana modules directory.

    Activate the module by adding it to your application/bootstrap.php file.

    To use it, add it to a form in your views with:

    echo Honeypot::make()

    Then in your controller you can use this with the Validation library, or as a standalone.

    // Stand alone without CSRF check
    if ( ! Honeypot::check())
        // not valid
    // Stand alone with CSRF check
    if ( ! Honeypot::check(true))
        // not valid
    // Validation
    $post = Validation($_POST)
             ->rule(Honeypot::FIELD_NAME, 'Honeypot::check') // without CSRF check
            ->rule(Honeypot::FIELD_NAME, 'Honeypot::check', array('true')); //  with CSRF check

    Notice an error, please use the issue tracker, or fork, fix and submit a pull request.

  • Do you have a link ?

  • Do you have a demo?

  • Nice work! One thing to note though, there are many bots clever enough to not be fooled by honeypot tactics. One of my sites has been getting hammered by spam bots recently after they broke my custom captcha.

    I switched to a honeypot field hidden by CSS and that stopped them for a day. Thought I'd try ReCaptcha, but that had zero effect. Tried a honeypot field that gets filled in via JavaScript so if it was left blank I blocked access (Very annoying for those that disable javascript).

    I've currently gone back to basics with a custom image captcha that I've purposefully made much harder to read, a real shame but only 1-3 bots get past it per day.

    Just something to keep in mind.

  • @davgothic Why did ReCaptcha have no effect ?

  • I got a captcha system but with an extra something. Randomly the user get's some of these after form submit:

    • JavaScript that asks for a mathematical question in prompt and submits through AJAX
    • Flypage with mathematical question

    I never got spam for any of the sites I used.. also some directadmin hosts block spam IP addresses.

  • You probably also have less traffic ;)

  • True, but there are enough banlists of spammers like I said in host-software like directadmin panel :) If I check my denied firewall lists of spam ip's it's huge!

  • lol its actually almost impossible to totally curb spam bots once they get their mind to it

  • what solved my problem with spam bots was to exchange the element name from name to the email and added the hidden input field with a catchy field name like site. just check if the name is an email and voilá ;) the idea came from wait for it a wordpress plugin

  • I integrated honeypot , its creating two fields in form, but when i submit form its not validating it, any idea what could be the issue?

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion