Honeypot Captcha

Phil Haack has a new approach on using a Honeypot technique for CAPTCHA.

The most similar technique to this one is what WP-HashCash does, using JavaScript to fill out a form before it gets submitted, and assuming that evil bots don't grok JavaScript. Unfortunately, I have found in the past that some bots seem to run Rhino and even do JavaScript-y things.

Honeypot takes the opposite approach, and assumes that bots will fill out form fields with names that they understand:

To exploit this, you can create a honeypot form field that should be left blank and then use CSS to hide it from human users, but not bots. When the form is submitted, you check to make sure the value of that form field is blank. For example, I
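
The server-side check described in the quote above, written out as an added example (it is not code from Phil Haack's post or from this page). The decoy field name `website`, the CSS class `hp` and the three verdict labels are assumptions chosen for illustration.

```python
from urllib.parse import parse_qs

# Assumed decoy name: something a form-filling bot recognises and fills in.
HONEYPOT_FIELD = "website"

# Constructed sample form. The decoy is hidden by CSS, taken out of the tab
# order and marked autocomplete="off" so browser autofill is less likely to
# populate it and produce a false positive for a real user.
FORM_HTML = f"""
<style>.hp {{ display: none; }}</style>
<form method="post" action="/comment">
  <input name="name">
  <textarea name="comment"></textarea>
  <div class="hp" aria-hidden="true">
    <input name="{HONEYPOT_FIELD}" tabindex="-1" autocomplete="off">
  </div>
  <button type="submit">Send</button>
</form>
"""


def classify_submission(body: str) -> str:
    """Classify a urlencoded POST body by the state of the honeypot field.

    "human"   - decoy present and blank, as the rendered form sends it
    "bot"     - decoy carries a non-blank value
    "missing" - decoy absent, so the POST did not come from the rendered form
    """
    # keep_blank_values=True is essential: by default parse_qs drops empty
    # fields, which would make a legitimate blank decoy look absent.
    fields = parse_qs(body, keep_blank_values=True)
    values = fields.get(HONEYPOT_FIELD)
    if values is None:
        return "missing"
    # A repeated parameter counts if any copy is filled in.
    if any(v.strip() for v in values):
        return "bot"
    return "human"


if __name__ == "__main__":
    # Constructed request bodies.
    for body in ("name=Ann&comment=hi&website=",
                 "name=x&comment=buy&website=http%3A%2F%2Fspam.example",
                 "name=x&comment=buy"):
        print(classify_submission(body), "<-", body)
```

How to treat `missing` is a policy choice: a browser always submits the blank decoy, so its absence suggests a hand-built request, but rejecting on it will also break any legitimate client that posts without rendering the form.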