https://github.com/CHH/stack-honeypot

Inserts a trap for spam bots into responses.
https://github.com/CHH/stack-honeypot

honeypot middleware php stack

Last synced: 9 days ago
JSON representation

Inserts a trap for spam bots into responses.

• Host: GitHub
• URL: https://github.com/CHH/stack-honeypot
• Owner: CHH
• License: mit
• Created: 2014-01-22T20:43:36.000Z (almost 11 years ago)
• Default Branch: master
• Last Pushed: 2014-01-30T15:54:20.000Z (almost 11 years ago)
• Last Synced: 2024-08-03T23:04:20.186Z (3 months ago)
• Topics: honeypot, middleware, php, stack
• Language: PHP
• Size: 187 KB
• Stars: 22
• Watchers: 3
• Forks: 3
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.txt

Awesome Lists containing this project

• awesome-honeypots - stack-honeypot - Inserts a trap for spam bots into responses. (Honeypots)
• awesome-honeypots - stack-honeypot - Inserts a trap for spam bots into responses. (Honeypots)
• fucking-awesome-honeypots - stack-honeypot - Inserts a trap for spam bots into responses. (Honeypots)

README

        
# Stack\Honeypot

A port of [Rack::Honeypot](https://github.com/sunlightlabs/rack-honeypot) to Stack for PHP.

## Install

    composer require stack/honey-pot:~1.0

## Usage

Wrap your HttpKernelInterface app in an instance of `CHH\Stack\Honeypot` or add it to your middleware stack.

With [stack/builder](https://github.com/stackphp/builder):

```php

push(CHH\Stack\Honeypot::class, $options)

    ->resolve($app);

```

Without the builder:

```php

$app = new Stack\Honeypot($app, $options);

```

### From [Rack::Honeypot](https://github.com/sunlightlabs/rack-honeypot):

This middleware acts as a spam trap. It inserts, into every outputted ``, a text field that a spambot will really want to fill in, but is actually not used by the app. The field is hidden to humans via CSS, and includes a warning label for screenreading software.

In the ``:

    

      


        Don't fill in this field

        

      

    [...]


In the ``:

  

    

      div.phonetoy {

        display:none;

      }

    

Then, for incoming requests, the middleware will check if the text field has been set to an unexpected value. If it has, that means a spambot has altered the field, and the spambot is booted to a dead end blank page.

There are a few options you can pass to the constructor (or to the Stack

Builder):

  

  * `class_name` is the class assigned to the parent div of the honeypot. Defaults to "phonetoy", an anagram of honeypot.

  * `label` is the warning label displayed to those with CSS disabled. Defaults to "Don't fill in this field".

  * `input_name` is the name of the form field. Ensure that this is tempting to a spambot if you modify it. Defaults to "email".

  * `input_value` is the value of the form field that would only be modified by a spambot. Defaults to blank.

  * `always_enabled` (defaults to `true`) set to `false` if you don't

    want to insert the trap into all responses returned by your app.

    Just add `X-Honeypot: enabled` to your response headers to enable the

    trap for this response.

## License

See [LICENSE.txt](LICENSE.txt).