On 12/14/12 12:52 PM, Mark Sapiro wrote:
The League CA Cities wrote:
some of my list are being spammed with bot subscription request. I am looking for a way to add a hidden field to the subscription page of each list that a bot would see but a human user will not.
I would like to have Mailman automatically drop any subscription request that has the hidden field fill out.
This is not a solution to the problem you face. What you want is a hidden field in the form that contains secret data the bot doesn't know. Then you reject the request if the form comes back without the secret.
Actually that is a well know method to stop many bots. They will crawl the web looking for subscription forms, and when they find one, fill it out. If you add a field to the form that humans with normal web browsers will not see, and thus not fill out, then a bot that is filling out most fields (as it might be a required field, and they don't want to make the effort to try to parse a reply back) will trip up and fill in the honeypot field.
Normally this is done by using CSS to hide the field, using the attribute display:none
For other types of bots, having a key on the page that is needed to be returned will help, as it will catch bots that "know" what the subscription form looks like and just go around trying to submit it. Even better is to give out different keys each time, and checking that the key isn't too old or too young (figuring a human will take at least a few seconds to fill out the form, but the bot won't be patient enough to do that).