Honeypot Captchas for Rails

A simple, unobtrusive way to try to combat automated form spam.

Posted by Curtis Miller on April 12, 2010

A while ago, I read a few articles on the technique of honeypot captchas and thought it was a pretty simple, but interesting, technique.

Essentially, with honeypot captchas you add fields into public facing forms that you expect to not be filled in, then you hide them through CSS (or other means). Since spam bots don't usually apply CSS styles, the fields are visible to them, yet styled away for normal users. And we all know how spam bots love to fill in whatever fields they find... When the form is submitted, you simply check for these honeypot captcha fields to have values. If they do, then you stop processing the request and return as if everything completed a-okay.

I used this technique on a site several years ago and meant to package it into a gem. This weekend, I finally checked that off my todo list! Now, I'd like your feedback on whether this is useful and what I can do to make it better. Feel free to fork the repository and mess with the code. If you add a feature, please send me a pull request. Thanks!

You can find the repository here: Honeypot Captcha on Github.


Need web application development, maintenance for your existing app, or a third party code review?

Velocity Labs can help.

Hire us!