[pmwiki-users] Pondering adding comment ability to wiki pages, and thoughts on spam prevention

Patrick R. Michaud pmichaud at pobox.com
Wed Mar 21 10:03:58 CDT 2012

On Wed, Mar 21, 2012 at 06:01:48PM +1300, John Rankin wrote:
> Have you investigated the option of a "honey trap"? That is, a field
> within a <div> with a class for display:none, so a human doesn't see it.
> The theory being that if the field is filled in, it must be a spambot, so
> reject the comment. 

pmwiki.org has used a couple of honeypots for a while, and it works
fairly well.  On the Site.EditForm, we have

    (:input hidden code1 6472:)
    %comment%Enter code: (:input text code2:)

Then in local.php, something like:

    if ($action == 'edit' && preg_grep('/^post/', array_keys(@$_POST)) {
        if (@$_REQUEST['code1']!='6472' || @$_REQUEST['code2'] > '') {
            $EnablePost = 0;
            $IsBlocked = 1;

The 'code1' hidden input control verifies that hidden input controls 
are being filled in and not modified by the submitter.  The 'code2' 
input control is the honeypot; although it's in the HTML output it 
doesn't display in the browser (because of %comment%).  If code2 comes 
back filled in with a value, it's probably a robot of some sort.

> It would be interesting to know how well this works in
> practice, because it is simple to implement (a field, a css class and an
> if statement) and adds no burden to human commenters. No password or
> captcha is required.

When I added this to pmwiki.org (several years ago), I did some logging 
to see how effective it was -- it did manage to trap quite a lot of
spam submissions.  However, it's not a total solution, as evidenced by 
the fact that spam still manages to get past it onto pmwiki.org.


More information about the pmwiki-users mailing list