In response to #1859090-20: Ban persistent spammers, possibly through integrating another module, I'm going to add a hook, hook_honeypot_reject(), which will allow other modules to react when Honeypot rejects a form submission.

CommentFileSizeAuthor
#11 honeypot.module-6.x-1969212.patch1.04 KBmr.j
#3 1969212-3-reject-hook.patch1.96 KBgeerlingguy
#1 1969212-1-reject-hook.patch1.93 KBgeerlingguy

Comments

geerlingguy’s picture

geerlingguy commented
Status: Active » Needs review
StatusFileSize
new 1969212-1-reject-hook.patch1.93 KB

Attached patch adds the hook. Waiting for testbot.

geerlingguy’s picture

geerlingguy commented
Version: 7.x-1.x-dev » 8.x-1.x-dev
Status: Needs review » Patch (to be ported)

D7 fix in commit http://drupalcode.org/project/honeypot.git/commit/b06de68

Will forward-port to D8 next.

geerlingguy’s picture

geerlingguy commented
Status: Patch (to be ported) » Needs review
StatusFileSize
new 1969212-3-reject-hook.patch1.96 KB

Okay, will wait for testbot on this one.

Status: Needs review » Needs work

The last submitted patch, 1969212-3-reject-hook.patch, failed testing.

geerlingguy’s picture

geerlingguy commented

Hmm... could be something that's changed in D8 since my last work on the branch.

geerlingguy’s picture

geerlingguy commented
Status: Needs work » Needs review

#3: 1969212-3-reject-hook.patch queued for re-testing.

Status: Needs review » Needs work

The last submitted patch, 1969212-3-reject-hook.patch, failed testing.

geerlingguy’s picture

geerlingguy commented
Status: Needs work » Needs review

#3: 1969212-3-reject-hook.patch queued for re-testing.

geerlingguy’s picture

geerlingguy commented
Status: Needs review » Fixed

Tests passed locally. I guess the older test was a quirk.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

mr.j’s picture

mr.j commented
Version: 8.x-1.x-dev » 6.x-1.14
Status: Closed (fixed) » Needs review
StatusFileSize
new honeypot.module-6.x-1969212.patch1.04 KB

I recently replaced my homebrew solution to this problem with the honeypot module but this feature was one thing that the module lacked in comparison so I have a patch against 6.x-1.14 attached.

I added the $type variable to the hook_ call because I want to auto-ban anything that submits the honeypot field, but not ban someone that trips the time limit because there is a much bigger chance that they could be human as the time limit applies across all forms, not individual ones. eg. 5 seconds is great on the registration form that needs time to fill out but not so good on the reset password field where it can be beaten manually.

This is my module code that uses the troll module for anyone interested:

function mymodule_honeypot_reject($type, $form_id, $uid) {

  // Troll ban anything that fails the honeypot protection
  if ($type == 'honeypot') {
    $expires = getdate(time() + 604800); // Expire IP block after 7 days
    
    troll_insert_ip(array(
        'ip_address' => ip_address(),
        'domain_name' => 'Caught in a honeypot',
        'expires' => 1,
        'day' => $expires['mday'],
        'month' => $expires['mon'],
        'year' => $expires['year'],
            )
    );

    exit;
  }
}

Status: Needs review » Needs work

The last submitted patch, honeypot.module-6.x-1969212.patch, failed testing.

geerlingguy’s picture

geerlingguy commented
Version: 6.x-1.14 » 8.x-1.x-dev
Status: Needs work » Closed (fixed)

I've opened a new issue for this API improvement: #2067221: Add $type parameter to hook_honeypot_reject(). Thanks for submitting!

Note that the new parameter should be added onto the end of the list of parameters, so that this small API addition doesn't break anyone's existing integrations.