Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/middlewares/honeypot

PSR-15 middleware to implement a honeypot spam prevention
https://github.com/middlewares/honeypot

honeypot http middleware psr-15 security spam-protection

Last synced: 3 months ago
JSON representation

PSR-15 middleware to implement a honeypot spam prevention

Host: GitHub
URL: https://github.com/middlewares/honeypot
Owner: middlewares
License: mit
Created: 2016-10-09T12:06:17.000Z (over 8 years ago)
Default Branch: master
Last Pushed: 2021-10-29T16:13:02.000Z (over 3 years ago)
Last Synced: 2024-08-03T23:23:59.486Z (6 months ago)
Topics: honeypot, http, middleware, psr-15, security, spam-protection
Language: PHP
Size: 31.3 KB
Stars: 13
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE

Awesome Lists containing this project

awesome-psr15-middlewares - middlewares/honeypot - Block spam bots. (Packages / Security)

README

        # middlewares/honeypot

[![Latest Version on Packagist][ico-version]][link-packagist]

[![Software License][ico-license]](LICENSE)

![Testing][ico-ga]

[![Total Downloads][ico-downloads]][link-downloads]

Middleware to implement a honeypot spam prevention. This technique is based on creating a input field that should be invisible and left empty by real users but filled by most spam bots. The middleware check in the incoming requests whether this value exists and is empty (is a real user) or doesn't exist or has a value (is a bot) returning a 403 response.

## Requirements

* PHP >= 7.2

* A [PSR-7 http library](https://github.com/middlewares/awesome-psr15-middlewares#psr-7-implementations)

* A [PSR-15 middleware dispatcher](https://github.com/middlewares/awesome-psr15-middlewares#dispatcher)

## Installation

This package is installable and autoloadable via Composer as [middlewares/honeypot](https://packagist.org/packages/middlewares/honeypot).

```sh

composer require middlewares/honeypot

```

## Example

```php

$dispatcher = new Dispatcher([

	new Middlewares\Honeypot()

]);

$response = $dispatcher->dispatch(new ServerRequest());

```

## Usage

In your forms, you have to include a `` element that will be used as trap:

```html

    

        

            input[name="hpt_name"] { display: none; }

        

    

    

        

            

            

            

                User:

                

            

            

                Password:

                

            

        

    

```

The middleware by default expect the input name is `hpt_name` but you can change it. Note also the css code that hide the honeypot, so users do not see anything, only robots. You may need to add some accesibility attributes like `aria-label` for screen readers.

```php

//Check the default "htp_name" value

$honeypot = new Middlewares\Honeypot();

//Check other value, for example "nobots"

$honeypot = new Middlewares\Honeypot('nobots');

```

Optionally, you can provide a `Psr\Http\Message\ResponseFactoryInterface` as the second argument to create the error response (`403`) when spam is detected. If it's not defined, [Middleware\Utils\Factory](https://github.com/middlewares/utils#factory) will be used to detect it automatically.

```php

$responseFactory = new MyOwnResponseFactory();

$honeypot = new Middlewares\Honeypot('htp_name', $responseFactory);

```

## Helpers

### getField

This static method is provided to ease the creation of the input field, accepting two arguments: the input name and a label used for screen readers. If no name is provided, use the same name passed previously to the middleware.

Example:

```html

    = Middlewares\Honeypot::getField('htp_name', 'Please, do not fill this input') ?>

    

        User:

        

    

    

        Password:

        

    

```

### getHiddenField

This static method generates the input field just like `getField()` does, but adds inline CSS to hide the field directly. Note: This may be easier to detect for some bots.

If you want to get creative with hiding the field, use `getField()` in combination with custom CSS (or JS).

```html

    = Middlewares\Honeypot::getHiddenField() ?>

    

        User:

        

    

    

        Password:

        

    

```

---

Please see [CHANGELOG](CHANGELOG.md) for more information about recent changes and [CONTRIBUTING](CONTRIBUTING.md) for contributing details.

The MIT License (MIT). Please see [LICENSE](LICENSE) for more information.

[ico-version]: https://img.shields.io/packagist/v/middlewares/honeypot.svg?style=flat-square

[ico-license]: https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square

[ico-ga]: https://github.com/middlewares/honeypot/workflows/testing/badge.svg

[ico-downloads]: https://img.shields.io/packagist/dt/middlewares/honeypot.svg?style=flat-square

[link-packagist]: https://packagist.org/packages/middlewares/honeypot

[link-downloads]: https://packagist.org/packages/middlewares/honeypot