Empty Field Verification aka Honeypot: is it fully implemented?
November 07, 2022, 05:37:27 pm
Hello, I have a massive problem with spam registrations at the moment. The Method of Registration is set to "Admin Approval". Apparently there is no double-opt-in for this method of registration in place. (Or is there a setting I've missed?)

But the real question I have is: is the Empty Field Verification fully implemented? When I turn it on I see a hidden field in the source code

<input type="password" name="autofill_honey_pot" class="hide" autocomplete="off">

However, there is no checking for the "autofill_honey_pot" field in the Register_Controller class (Register.controller.php).

The amount of spam, mostly from email addresses with a subdomain dot in the domain name, is overwhelming. Over 50 a day.

Best regards, Esteffano.
Re: Empty Field Verification aka Honeypot: is it fully implemented?
Reply #1 – November 07, 2022, 08:26:04 pm
I'd really need to take a look to be sure, but going by memory, that autofill_honey_pot is just there to prevent password managers from auto-filling in the password field during registration. The empty field verification should just be a hidden checkbox with a "verification_control" id on it. I'll note that in 2.0 we really improved this option, not that that does any good for 1.1, but in 2.0 the field looks a lot more tasty for bots to check.

For you I'd go with the ever simple, but oh so effective, verification question. It's on the same page as the empty field (admin > security and moderation > anti spam). Enter a question that is unique to your site, its purpose, its name or a question with the answer in it, like enter blue backwards and then enter eulb for the answer.

Other than that, there are reCAPTCHA addons available as well, also very effective.
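The server-side half of the two checks discussed in this thread (the empty-field trap and the verification question), as an added example that is not ElkArte's code and not part of either post. The POST field names are assumptions: `verification_control` is the id named in the reply, used here as the field name, and `verification_answer` is hypothetical.

```php
<?php
// Added example, not ElkArte code. The POST field names are assumptions.
const HONEYPOT_FIELD = 'verification_control'; // id named in the reply; POST name assumed
const ANSWER_FIELD   = 'verification_answer';  // hypothetical field name

function normalize_answer(string $s): string
{
    return strtolower(trim($s));
}

/** Returns a list of failure codes; an empty list means the submission passes. */
function check_registration(array $post, array $acceptedAnswers): array
{
    $errors = [];

    // Humans never see the hidden control, and an unticked checkbox is not
    // submitted at all, so anything other than absent/empty marks a bot.
    $trap = $post[HONEYPOT_FIELD] ?? '';
    if ($trap !== '') {
        $errors[] = 'honeypot_filled';
    }

    // Verification question: compare trimmed, case-insensitive answers.
    // A non-string value (e.g. answer[]=x arrives as an array) is rejected.
    $given = $post[ANSWER_FIELD] ?? null;
    $accepted = array_map('normalize_answer', $acceptedAnswers);
    if (!is_string($given) || !in_array(normalize_answer($given), $accepted, true)) {
        $errors[] = 'answer_wrong';
    }

    return $errors;
}

// Constructed sample submissions for the question "enter blue backwards".
$samples = [
    'human'          => ['user' => 'anna', ANSWER_FIELD => ' Eulb '],
    'fills all'      => ['user' => 'x1', HONEYPOT_FIELD => 'on', ANSWER_FIELD => 'eulb'],
    'skips question' => ['user' => 'x2'],
    'array value'    => ['user' => 'x3', ANSWER_FIELD => ['eulb']],
];

foreach ($samples as $label => $post) {
    $errors = check_registration($post, ['eulb']);
    printf("%-16s %s\n", $label, $errors ? 'reject: ' . implode(', ', $errors) : 'accept');
}
```

Only the first sample is accepted. A hidden field in the markup does nothing unless the handler that processes the submission performs a check like this.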