Hashcash, Akismet and Honey Pots

Gravity Support Forums » General » Feature Requests

Jeff
Member

I totally don't like any user gymnastics just to allow them to post in a form, and it is quite not needed with integration with Wordpress Hashcash or Akismet, for example. Does your plugin do so?

Can it and would you consider it in the future if not now?

If not that, you could implement a honey pot approach. Create a field that is not visible to a human visitor but is "there" nonetheless and visible to machines and require the field to be blank in order for a successful submission yet trick the machine to think something must be there so the machine fills it in.

You can see more about form honey pots here:

http://nedbatchelder.com/text/stopbots.html

Though I hate user gymnastics, your form software was so good I could not resist. I hope you will consider the honey pot alternative.

Thank you for reading!

Jeff

Posted 14 years ago on Thursday February 4, 2010 | Permalink
Carl Hancock
Administrator

Hey Jeff, we agree. Right now the only solution is the reCAPTCHA field. However we do plan on implementing Akismet anti-spam integration in a future release. I don't have a time table for you, but it is a feature we plan on adding.

Posted 14 years ago on Thursday February 4, 2010 | Permalink
Jeff
Member

Cool! In the mean time, I plan to use custom.css in my Semiologic theme to hide a field that is required to be blank, but call it "email" or something to attract machines to complete it. Can I make a field required to be blank in your form? I have not looked yet, perhaps this is obvious somewhere.

I also need a unique ID for the specific field. Is that possible?

I will custom build my honey pot if I can do these 2 things. :)

Thanks for responding!

Posted 14 years ago on Thursday February 4, 2010 | Permalink
Forsite Media
Member

Any news on this Carl? I suddenly find two sites of mine bombarded with spam and reCAPTCHA is really not the way I want to go if possible :)

Posted 14 years ago on Tuesday March 16, 2010 | Permalink
Carl Hancock
Administrator

No news on this just yet as we are working on other features right now. Another option in 1.3.10+ is to use the Numeric field as a make shift math captcha. It won't stop super smart spam bots as it doesn't use image based math captcha, but it may stop some spam.

- Insert numeric field
- Set it as required
- Give the field label the question (ex. What is 1+2?)
- Give the field a range with the minimum and maximum value equal to the answer (ex. 3)
- Give the field a custom validation message (ex "Please check your math")

The form won't submit unless they enter the proper answer.

Posted 14 years ago on Tuesday March 16, 2010 | Permalink
Forsite Media
Member

thank Carl for that workaround. I'll give it a go!

Posted 14 years ago on Tuesday March 16, 2010 | Permalink
Jeff
Member

Hi Carl, was just coming here to see if there was an update ...

For my work around in the mean time was going be to use a manual honey pot as described above in the first post.

1. Is there a way to require one of your fields to be empty? Would seem to be a simple implementation in your script, and then add an additional rule tick box "Required left empty" or something.

2. Can I create a fields on a form but not display it to humans (visible to machines)? I assume I could use display: none for a custom css class, but my understanding is that does not make the field invisible, but rather removed the field from the form altogether.

Perhaps I am oversimplifying things, but the addition of these 2 abilities on GravityForms would allow users to manually create honey pots by adding, for example, a field called "Required Email", then require it to be empty for successful form submission, and only display it to machines (invisible on the screen).

Then again, maybe this IS the process you intend and I have no idea of the complexities involved and you are waiting to find a time line for coding. :)

Any advice would be appreciated.

Thanks for a great product!

Jeff

Posted 14 years ago on Monday March 29, 2010 | Permalink
Jeff
Member

I see there is a "hidden" field in the field selector, I am guessing this fulfills number 2 above.

What about number 1 above?

Can I force a field to be empty?

Anyone?

Posted 14 years ago on Wednesday April 28, 2010 | Permalink
Carl Hancock
Administrator

Currently there is no option to require that a field be empty. But it's something we can look into adding into one of the upcoming releases as an advanced setting for that field.

Posted 14 years ago on Wednesday April 28, 2010 | Permalink
jigsaw-internet
Member

Please do add the option to require a field be empty to validate. It's such as quick and easy method of spam protection and something that shouldn't be too difficult for you to integrate into an otherwise great plugin.

Thanks

Posted 14 years ago on Thursday May 6, 2010 | Permalink
sleary
Member

I recently changed all the forms on a busy site from MMForms/Contact Form 7 to Gravity. While I love the admin interface and the notification features, we're seeing a lot more spam despite using a required numeric field. (I flatly refuse to use a captcha. Users should not have to do extra work to solve my spam problems. The numeric field is bad enough.) It's not bad enough to make us change back... yet.

I hope Akismet integration is a priority!

Posted 14 years ago on Tuesday June 29, 2010 | Permalink
StephenMeehan80
Member

Any further news on Akismet spam filtering?

Seems strange free plug-ins have this feature and Gravity forms does not. I have found Gravity Forms to be an excellent plugin, but the captcha isn't good.

I agree with sleary, users shouldn't have to do extra work to solve our spam problems.

Is there a date for Akismet spam filtering to be added?

Keep up the good work!

Posted 14 years ago on Friday July 2, 2010 | Permalink
Carl Hancock
Administrator

There is no date for Akismet as we don't set timelines for future releases until the current release is out the door. We are still wrapping up the next release. We do plan on creating an Akismet add-on and when we start another add-on development cycle it will be at the top of our list along with PayPal.

Posted 14 years ago on Friday July 2, 2010 | Permalink
sleary
Member

Thanks, Carl.

Posted 14 years ago on Friday July 2, 2010 | Permalink
Moshe_SWD
Member

I would also like to request the above mentioned spam features. I also think they are a priority.

Keep up the good work,

Moshe

Posted 14 years ago on Tuesday July 13, 2010 | Permalink
mark0s
Member

Howdy,

I'll give this numeric field option a try and how it goes. Great tip :)

Posted 14 years ago on Thursday August 5, 2010 | Permalink
Carl Hancock
Administrator

Gravity Forms v1.3.14 will feature both an anti-spam honeypot option and support for the Really Simple Captcha plugin that will bring an alternative captcha option and a math caption option to the Captcha field in Gravity Forms. These new captcha options will require you to install the Really Simple Captcha plugin as we have simply added support for that plugin in the next release. But it is a free plugin available on WordPress.org.

Posted 14 years ago on Friday August 6, 2010 | Permalink
Jeff
Member

Thanks for the honey pot!

Posted 14 years ago on Tuesday September 14, 2010 | Permalink
chm
Member

Please tell me 1.5 has Akismet support. Even most free contact form plugins for WordPress already support Akismet. I loathe and detest captchas and try to avoid them like fire. I'm thinking about purchasing GF but if it doesn't have a basic and absolutely essential feature like Akismet integration, then I'm sticking to free alternatives.

Posted 13 years ago on Thursday December 9, 2010 | Permalink
Chris Hajer
Key Master

A response yesterday from Kevin regarding Akismet:
http://forum.gravityhelp.com/topic/anti-spam-honeypot-not-enough-for-seo-spammer#post-13943

In short, they're planning on adding it in a future version. It's not supported now.

Posted 13 years ago on Thursday December 9, 2010 | Permalink
Kevin Flahaut
Administrator

Nope. Askimet support isn't part of 1.5 but will be added in the near future. I would disagree that it is "a basic and absolutely essential feature" but nonetheless, it's something we do plan on adding so there will be more spam prevention options.

Posted 13 years ago on Thursday December 9, 2010 | Permalink
chm
Member

Well, no, I suppose it is possible to survive in a post-apocalyptic internet without Akismet, but my reasoning is this:

1. Akismet is an official Automattic service
2. Akismet plugin is bundled with WordPress
3. Akismet is very effective at fighting spam
4. Akismet can be used by other plugins and applications
5. Akismet is transparent and does not require captchas or any other manual verification

5 good reasons FOR, and I honestly can't think any reasons AGAINST. If you can think of one, please enlighten me.

That's why I was so surprised that a paid and actively supported and updated plugin that has been around for quite some time _still_ doesn't have Akismet integration while completely free alternatives do.

Posted 13 years ago on Thursday December 9, 2010 | Permalink
Chris Hajer
Key Master

I have tried Akismet in the past and find the false positives far more damaging than the spam I get without using Akismet (and there is very rarely any spam after starting to use the built-in honeypot.) I can't afford to flag a legitimate form submission as spam, but I can deal with the spam I get without using Akismet.

I also received spam even when using Akismet, so I would say the honeypot solution is as effective as Akismet for me, without any false positives.

Looking over form submissions for one form on one site, I have 857 submissions and 3 spam messages, when using the honeypot and not Akismet. That's been my experience and why I won't use Akismet with Gravity Forms, even if it does get included in the future.

Posted 13 years ago on Thursday December 9, 2010 | Permalink
chm
Member

Hrm, I've just read what the honeypot feature does and I must admit it's a pretty good way to deal with spammers. Although I still have every faith in Akismet's effectiveness. One site I run has around 10500 comments and only 4 false positives over a 2 year period.

Posted 13 years ago on Thursday December 9, 2010 | Permalink
Carl Hancock
Administrator

5 good reasons FOR, and I honestly can't think any reasons AGAINST. If you can think of one, please enlighten me.

It's not so simple. Akismet is specifically designed for comment spam, it isn't a generic spam filter. The fields it accepts are comment specific and it doesn't accept custom fields of any type... it's limited. Here are the fields Akismet accepts:

comment_author
comment_author_email
comment_author_url
comment_content

Gravity Forms is a form tool and creates forms for everything. It isn't a comment form and has a much wider range of fields that can be used.

What is going to end up happening is you are going to have to map a limited number of your form fields to the available Akismet fields. So your only going to be able to pass to Akismet a Name, Email, URL and 1 paragraph field. Akismet is going to think it's a comment.

We are planning on Akismet add-on, however we have to see how to best implement it and take advantage of what Akismet offers while also making it usable with our users. On top of that we also have to implement a Spam flag so Entries are marked as Spam and can be browsed as such.

Once you start getting into the actual implementation, it isn't as simple as just passing the form data to Akismet. When we do it, we are going to do it right.

Posted 13 years ago on Thursday December 9, 2010 | Permalink
igneous
Member

But realistically, the fields you listed should be enough.

comment_author > Name
comment_author_email > Email
comment_author_url > Website
comment_content > Paragraph Text

Those Akismet > Gravity Forms combinations are pretty straightforward and don't need any user customization.

Posted 13 years ago on Thursday December 9, 2010 | Permalink
Carl Hancock
Administrator

@igneous Correct. But we also have to add the capabilities to Gravity Forms to flag entries as spam so they don't appear in entries, but allow you to go to a Spam box and view entries flagged as spam and then unspam or delete them like WordPress does with comments. So it's not as simple as just doing the Akismet piece. We do plan on doing Akismet integration, but not until we have time to devote to do the entire implementation the right way.

Posted 13 years ago on Thursday December 9, 2010 | Permalink
igneous
Member

Understood. Well, now that I've discovered the joys of honeypot, I am in no rush to have Akismet support. Take your time and make sure it's done right.

Posted 13 years ago on Thursday December 9, 2010 | Permalink
egils
Member

Sorry for digging this up. But has the spam issues been resolved? I've been using GF for some time now but just recently I got a load of spam submissions that were added to the global entries and not spam enries.

I have akismet installed but I guess it's not helping.

How do you I install honey pot?

I can't use captcha on my site because my contact form is on a narrow sidebar that is just 250px wide so a recaptcha form doesn't fit or any other captcha. Also I don't want my customers to fill out captchas.

Also how do I delete all these spam entries? http://i.imm.io/SUvB.png
I know in spam section you can just click on delete all... I don't know
how to delete them through mysql.

Please help, thanks!

Posted 11 years ago on Tuesday January 15, 2013 | Permalink
Chris Hajer
Key Master

There is no need to install the honeypot. You can activate it on the form settings tab for each form. Screenshot: http://minus.com/lbxoPbFwC6Xmqi

Check the box which says "Enable anti-spam honeypot"

Posted 11 years ago on Tuesday January 15, 2013 | Permalink