Honeypots example for Laravel
19.10.22
    // Honeypot field: it is expected to stay empty, so any value is rejected.
    if ($request['userName'] != null):
        return redirect()->back()
            ->withErrors(['Wrong Captcha'])
            ->withInput();
    endif;

    // Time trap: reject forms submitted within 5 seconds of requestTime.
    // A missing or non-numeric requestTime is rejected as well; otherwise
    // leaving the field out would make this check pass.
    if (!is_numeric($request['requestTime']) || time() - (int) $request['requestTime'] <= 5):
        return redirect()->back()
            ->withErrors(['Wrong Captcha'])
            ->withInput();
    endif;

Honeypots

A honeypot is a trap for automated bots that marks the bot as a spammer. The honeypot captcha is similar to ordinary captchas and needs to be solved before proceeding further. However, after solving such a captcha, the visitor will not proceed further until he performs some action (such as clicking on a link/button), which helps identify him as a human visitor instead of an automated bot. This blocks most bots, since most of them do not perform such actions after solving captchas. As with most defensive technologies, honeypot captchas are best used with other measures such as rate limiting and captcha security levels.

Advantages of Honeypot Captcha vs. Regular Captchas

Apart from being more secure, there are other advantages:

- No captcha frustration for visitors who cannot solve the standard captcha. This improves the overall user experience.
- A honeypot captcha is easier to implement than other defensive technologies such as reCAPTCHA.

Disadvantages of Honeypot Captcha vs. Regular Captchas

The disadvantages, though, can be:

- There may be a false positive where bots cannot identify the honeypot field and continue solving the regular captcha instead.
- A high false-positive rate can result in a bad user experience, since many users will not proceed further on the site due to failed captchas. Although this issue can be avoided by using advanced honeypot captcha variants, it is still a valid concern.

Honeypot Captcha Implementation

The following are the different types of honeypot captchas that are currently available in the open-source domain:

Textbox Honeypots

This type of captcha requires the users to select the textbox containing a specific string or pattern. After solving such a captcha, if no action is performed, the user will not proceed further. If an action is performed immediately after solving the captcha, then there is a high probability that he is a human visitor instead of an automated bot.

Image Honeypots

Like textbox honeypots, image-based honeypots require users to identify images with a specific pattern or image. After solving such a captcha, if no action is performed, the user will not proceed further. If an action is performed immediately after solving the captcha, then there is a high probability that he is a human visitor instead of an automated bot.

Video Honeypots

Similar to textbox and image honeypots, video-based captchas require users to watch a short video. After watching such videos, if the user does not act, he will not proceed further on the site. In most cases, clicking on any play/pause button helps in distinguishing humans from bots.

Hidden Honeypot Cross-Site Request Forgery (CSRF) Form

This type of captcha requires users to act on a different site. The users are presented with a form to be submitted on another website. Users need to identify whether the displayed captcha is hosted on that target website and then submit the filled-out form (only if that specific captcha belongs to that target website). This method can also be used as a general CSRF token technique. However, it has some performance issues because it uses JavaScript for each request that the user needs to perform.

Multi-Valued Honeypot

This type of honeypot captcha requires users to solve multiple honeypots (of any kind) before proceeding further on the site. Each solved honeypot will remove one div from the captcha image, making the solving process very difficult for bots. This type of honeypot captcha is recommended when security is the top priority, and the false-positive rate can be ignored for a while.
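
The time check in the Laravel snippet at the top relies on a requestTime value that comes back from the client, so the client decides what it says. The following is an added example, not code from the original post: the same two checks in plain PHP, with the timestamp authenticated by an HMAC so it cannot be altered. The field name formToken, the function names and the one-hour expiry are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not from the original post. "formToken" and both function
// names are hypothetical; "userName" and the 5-second limit are the post's.
const MIN_FILL_SECONDS = 5;
const MAX_TOKEN_AGE = 3600; // assumed upper bound on how long a form stays valid

/** Value for the hidden timing field: "<issued-at>.<HMAC-SHA256 of issued-at>". */
function issueFormToken(string $key, int $now): string
{
    return $now . '.' . hash_hmac('sha256', (string) $now, $key);
}

/** Returns null if the submission passes, otherwise the reason for rejecting it. */
function checkSubmission(array $input, string $key, int $now): ?string
{
    // Honeypot: the field must come back empty (arrays and other junk also fail).
    if (($input['userName'] ?? '') !== '') {
        return 'honeypot field filled';
    }
    // A missing or malformed token is a failure, not a skipped check.
    $token = $input['formToken'] ?? '';
    if (!is_string($token) || preg_match('/^(\d{1,12})\.([0-9a-f]{64})$/D', $token, $m) !== 1) {
        return 'timing token missing or malformed';
    }
    // Constant-time MAC comparison: the client cannot make up an older timestamp.
    if (!hash_equals(hash_hmac('sha256', $m[1], $key), $m[2])) {
        return 'timing token forged';
    }
    $age = $now - (int) $m[1];
    if ($age <= MIN_FILL_SECONDS) {
        return 'submitted too fast';
    }
    return $age > MAX_TOKEN_AGE ? 'timing token expired' : null;
}

// Constructed sample data: throwaway key, fixed clock, made-up submissions.
[$key, $t0] = ['constructed-demo-key', 1700000000];
$token = issueFormToken($key, $t0);
$backdated = ($t0 - 600) . '.' . explode('.', $token)[1]; // old time, reused MAC
$cases = [
    'human after 30 s'    => [['userName' => '', 'formToken' => $token], $t0 + 30],
    'honeypot filled'     => [['userName' => 'x', 'formToken' => $token], $t0 + 30],
    'instant submit'      => [['userName' => '', 'formToken' => $token], $t0 + 1],
    'backdated timestamp' => [['userName' => '', 'formToken' => $backdated], $t0 + 1],
    'token omitted'       => [['userName' => ''], $t0 + 30],
];
foreach ($cases as $label => [$input, $now]) {
    echo $label, ': ', checkSubmission($input, $key, $now) ?? 'accepted', PHP_EOL;
}
```

The token only proves when the form was issued; a client that waits out the threshold still passes, which is why the post pairs honeypots with measures such as rate limiting.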
https://ugur-muslim.medium.com/honeypots-an-example-with-laravel-26aa65960b82