Honeypot Form Field for Dynamic Forms in Orchard CMS to Prevent SPAM

Honeypot Form Field for Dynamic Forms in Orchard CMS to Prevent SPAM

If you are having issues with bots spamming your forms in Orchard CMS but don't want to use CAPTCHA, an 'old school' method I used years ago was a honeypot form field. This is a non-visible form field that users won't see and fill in. However, simple bots will detect the field and fill it in along with all the other fields on the form. Given this behavior, one can usually detect spam by checking the presence of data in that honeypot form field. If it contains data, more than likely the form was filled by a bot and you can treat it as spam.

Often this honeypot form field is just a Text Field with visibility set to hidden.

<input type="text" name="buzzbuzz" id="beehive" />

#beehive { visibility: hidden; }

We can use this technique with Orchard CMS to detect spam in our Dynamic Forms. We have a couple of choices.

Custom Honeypot Form Element and Workflow Activity

Dynamic Forms in Orchard CMS are extensible. We can create a custom Form Element, called Honeypot, for use with Dynamic Forms.

This option is useful when the requirements are more elaborate and there are a lot of forms. The enacapsulation and abstraction benefits from a single Honeypot Form Element are great when it is used in numerous Dynamic Forms in an Orchard CMS Website. In addition, one can create custom Workflow Activities that help deal with the spam.

Honeypot Form Element for Dynamic Forms in Orchard CMS

This is a bit involved and probably unnecessary for most websites, because we can use the built-in Text Field and Workflow Activities in Orchard CMS to provide honeypot form field spam protection.

Honeypot Form fields using Dynamic Forms and Text Fields in Orchard CMS

Unless you have sophisticated requirements or many, many forms in your Orchard CMS website, creating a custom Form Element is unnecessary. One can use a Text Field and the built-in workflow activities to offer honeypot form field protection from spam. Add a Text Field to your Dynamic Forms to use as the honeypot form field. Don't include a label and set the CSS in your style sheets such that the Text Field is hidden in the form. Note that this is not a Hidden Field, but a Text Field with CSS that makes it hidden to the user.

Using Text Field as Honeypot Form Field for Dynamic Forms in Orchard CMS

In an Orchard CMS Workflow we can use the Dynamic Form Validating or Dynamic Form Submitted Workflow Activities to initiate a workflow that checks the contents of the honeypot form field and then acts accordingly. A good way to check the form field for data is in a Decision Workflow Activity using a bit of C# scripting. For illustration purposes, I used the Dynamic Form Validating Workflow Activity and Decision Workflow Activity to display a Model Error if the honeypot form field was populated.

Orchard CMS Workflow to Detect Spam in Dynamic Forms Honeypot Form Field

When the form is being validated, we check to see if the honeypot form field is not null ( has a value ). If it does, we label it as spam and display a validation error on the form. Again, this is for illustration to explain the concept.

Orchard CMS Dynamic Forms Fight Spam

The Decision Activity in Orchard CMS Workflow supports scripting in C#. I named the Text Field "buzzbuzz". One can check for the presence of data in the Text Field and route to Spam as follows:

if (#{FormSubmission.Field:buzzbuzz} != null) { 
	SetOutcome("Spam");
}

In your production website you may want to use the Dynamic Form Submitted Workflow Activity and do something more appropriate with suspected spam.

Hope this helps.