Simple Antibot Spam Contact Form – The Honeypot Trap Method

Simple Antibot Spam Contact Form

Here’s a simple antibot spam contact form that uses the honeypot trap method to catch potential bots from spamming forms.

The purpose of adding honeypots to a form is to detect bots that are programmed to automatically fill out forms to post spam. It works by tricking the bot into filling in an input field that would visually be hidden to humans.

Robots see forms differently from humans and because they don’t parse page HTML & CSS, they don’t see that an input form is hidden.

This is really simple method that does have its limitations, but it would work a treat for the majority of small personal websites.

Antibot Spam Contact Form

The HTML

Set up your contact page, lets called it “contact.html”

<form name="emailform" action="send.php" method="post">
    <p>Name:</p>
    <input type="text" name="name" />
    <p>Email:</p>
    <input type="text" name="email" />
    <p>Message:</p>
    <textarea name="message" rows="6" cols="40"></textarea>
    <input type="text" id="monkey" name="monkey" class="hide" />
    <br />
    <input type="submit" value="Send" />
</form>

You will notice the input with the ID of “monkey” has a class of hide.

The CSS

You will need to add the following class to your CSS.

input.hide { display:none;}

This can either go in an external stylesheet or in the head of your webpage.

The class of hide does as it says and hides that element with {display:none;}.

The PHP

We now create another file that the form will submit to, lets call it “send.php”

<?php
  $monkey = strip_tags($_POST[monkey]);
  if ($monkey != null) {
      echo "not this time bot!";
      die;
  }
  else
  //define where you want the email to go
  $to = "[email protected]";
  //subject of the email
  $subject = "Message From Website";
  //post the name of the sender
  $from = $_POST[name];
  //post the email of sender
  $email = $_POST[email];
  //post the message of sender
  $message = $_POST[message];
 
  $body = "
  Name:$from \n
  Email:$email \n
  Message:$message";
 
  if (mail($to, $subject, $body)) {
      echo("Thank You for your email");
  } else {
      echo("Sorry Your Email was not sent");
  }
?>

The script checks if $monkey is empty as it should be because a human wouldn’t know to enter text into a hidden input.

However depending on the bot, it may attempt to spam any input box that’s available.

If the form is submitted and the “monkey” input is not empty, it will end the script and leave a message for the bots. However, If the input was left empty, then the script will continue and process the email.

You can give the input field a different name, but you need to update this line to reflect this.

$monkey = strip_tags($_POST[monkey]);

Other Antibot Spam Methods

  • Captcha – protect your website against bots by generating and grading tests
  • Akismet Anti-Spam – WordPress plugin that checks your form content against a database to prevent your site from publishing malicious content.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *