I was going through honeybots and found out something which took me by surprise.

"Honeypot fields are invisible fields on the form. Invisible is different than hidden. Hidden is a type of field that is not displayed for editing. Bots understand hidden fields, because hidden fields often carry identifying information that has to be returned intact. Invisible fields are ordinary editable fields that have been made invisible in the browser..."

If honeybots are invisible, how is it that such fields are editable? Moreover, is it that it helps us achieve some security? How is that?

+2  A: 

If a field is moved out of the render window via CSS, the bot wouldn't know it (because it ignores CSS). A human user won't fill in the field, a bot will.

Jerome
but then how is it used for security issues?
Sachindra
Just a guess: the server ignores requests where the invisible field is filled in.
Jerome
+1  A: 

You can hide a regular form field, such as a text box or textarea, with some simple CSS. If it has been hidden like this, human users using a browser can't add any data to it; programmatically it can still be added to, though, by a bot, and they will likely add data to all available fields. So if the field is not empty it must have been submitted by a bot.

mbehan
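The server-side check described in the answers above, as an added example that is not part of the original thread: an ordinary text input is moved off-screen with CSS, and the handler rejects any submission in which it is non-empty. The field name `website`, the form markup and the sample request bodies are constructed for illustration; treating a missing decoy field as suspicious goes one step beyond what the answers say.

```python
from urllib.parse import parse_qs

HONEYPOT_FIELD = "website"  # hypothetical name, chosen to look attractive to bots

# The decoy is an ordinary text input (not type="hidden") moved off-screen by CSS.
# tabindex/autocomplete/aria-hidden keep keyboard users, autofill and screen
# readers from filling it by accident.
FORM_HTML = f"""
<style>.hp {{ position: absolute; left: -9999px; }}</style>
<form method="post" action="/comment">
  <input name="name">
  <textarea name="message"></textarea>
  <div class="hp" aria-hidden="true">
    <label>Leave this field empty
      <input type="text" name="{HONEYPOT_FIELD}" tabindex="-1" autocomplete="off">
    </label>
  </div>
  <button type="submit">Send</button>
</form>
"""

def classify_submission(body: str) -> str:
    """Return 'accept', 'reject_filled' or 'reject_missing' for a urlencoded POST body."""
    # keep_blank_values=True so an empty decoy ("website=") is still seen as present
    fields = parse_qs(body, keep_blank_values=True)
    if HONEYPOT_FIELD not in fields:
        # A browser submits empty text inputs too, so a missing decoy means
        # the request was not built from this form (assumption added here).
        return "reject_missing"
    if any(value.strip() for value in fields[HONEYPOT_FIELD]):
        # A human never sees the field; only an automated client fills it in.
        return "reject_filled"
    return "accept"

# Constructed sample request bodies
HUMAN = "name=Ann&message=Nice+post&website="
BOT = "name=x&message=buy+pills&website=http%3A%2F%2Fspam.example"
REPLAY = "name=x&message=buy+pills"

if __name__ == "__main__":
    for label, body in [("human", HUMAN), ("bot", BOT), ("replay", REPLAY)]:
        print(label, classify_submission(body))
```

A honeypot only filters clients that fill every field without rendering the page, so it complements rate limiting and server-side validation rather than replacing them.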
A: 

Here is a nice lecture with some good examples: How to fight guestbook spam

However... Honeybots are prepared fields which lead the bot which is trying to use the form into a trap. From my point of view these fields are called "invisible" because the bot cannot get the main purpose of that field.

bastianneu