I've implemented hook_honeypot_reject() to maintain a list of IP addresses rejected more than N times in the last 30 days, so I can feed that to the server's firewall.

When honeypot is triggered because a spammer enters a value in the hidden field, the hook fires once with $type == 'honeypot', then again microseconds later with $type == 'honeypot_time'.

Comments

John Pitcairn’s picture

John Pitcairn CreditAttribution: John Pitcairn commented
Status: Active » Closed (cannot reproduce)

Huh. I can't reproduce this now. Apologies for the noise.