FoolBotHoneyPot_v2_3_01
Release 30/03/2014
Since we have some very good methods to detect bots without a shadow of a doubt, I've added the option to cache the known bot IP addresses locally (This is optional, and can be turned off by setting to 0)
Known bot IPs are only cached if they have modified multiple hidden fields, have no javascript detected and have attempted to register very quickly.
Using cached Known bot IP addresses, we can then use a 0 query method to 401 unauthorised, or redirect them to a page of your choice.
We can therefore stop bots that try to brute force the registration page (after detection, they will not be able to resend another attempt for 48 hours by default), we do this with a 0 query method and should reduce server impact that bots usually have when brute forcing the registration page.
If you want, you can redirect these bots to a page on your site telling them that their IP has been stored for x hours as it has been detected as a bot.
However, if you redirect them to a forum page, bare in mind, brute force bots will hit this page over an over, I recommend leaving the default 401 unauthorised page
- Cache known bot IPs of x hours
- Prevent re-attempts for x hours (optionally redirect bots / 401)