Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/chh/stack-honeypot
Inserts a trap for spam bots into responses.
https://github.com/chh/stack-honeypot
honeypot middleware php stack
Last synced: 26 days ago
JSON representation
Inserts a trap for spam bots into responses.
- Host: GitHub
- URL: https://github.com/chh/stack-honeypot
- Owner: CHH
- License: mit
- Created: 2014-01-22T20:43:36.000Z (almost 11 years ago)
- Default Branch: master
- Last Pushed: 2014-01-30T15:54:20.000Z (almost 11 years ago)
- Last Synced: 2024-10-30T15:51:12.305Z (about 1 month ago)
- Topics: honeypot, middleware, php, stack
- Language: PHP
- Size: 187 KB
- Stars: 23
- Watchers: 3
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
Awesome Lists containing this project
- awesome-honeypot - **18**星
README
# Stack\Honeypot
A port of [Rack::Honeypot](https://github.com/sunlightlabs/rack-honeypot) to Stack for PHP.
## Install
composer require stack/honey-pot:~1.0
## Usage
Wrap your HttpKernelInterface app in an instance of `CHH\Stack\Honeypot` or add it to your middleware stack.
With [stack/builder](https://github.com/stackphp/builder):
```php
push(CHH\Stack\Honeypot::class, $options)
->resolve($app);
```Without the builder:
```php
$app = new Stack\Honeypot($app, $options);
```### From [Rack::Honeypot](https://github.com/sunlightlabs/rack-honeypot):
This middleware acts as a spam trap. It inserts, into every outputted ``, a text field that a spambot will really want to fill in, but is actually not used by the app. The field is hidden to humans via CSS, and includes a warning label for screenreading software.
In the ``:
Don't fill in this field
[...]In the ``:
div.phonetoy {
display:none;
}
Then, for incoming requests, the middleware will check if the text field has been set to an unexpected value. If it has, that means a spambot has altered the field, and the spambot is booted to a dead end blank page.
There are a few options you can pass to the constructor (or to the Stack
Builder):
* `class_name` is the class assigned to the parent div of the honeypot. Defaults to "phonetoy", an anagram of honeypot.
* `label` is the warning label displayed to those with CSS disabled. Defaults to "Don't fill in this field".
* `input_name` is the name of the form field. Ensure that this is tempting to a spambot if you modify it. Defaults to "email".
* `input_value` is the value of the form field that would only be modified by a spambot. Defaults to blank.
* `always_enabled` (defaults to `true`) set to `false` if you don't
want to insert the trap into all responses returned by your app.
Just add `X-Honeypot: enabled` to your response headers to enable the
trap for this response.## License
See [LICENSE.txt](LICENSE.txt).