alt Hacker NewsYou add "hidden" inputs to your HTML form that are named like "First Name" or "Family Name". Bots will fill them out. You will either expect them to be empty or you fill by JavaScript with sth you expect. It's of course reverse-engineerable, but does the trick.
Replies
grey-area • today at 5:26 AM
Thanks, I’ve seen scripted attacks bypass this sort of hidden input unfortunately (perhaps human assisted or perhaps just ignoring hidden fields).
➕ show 2 replies
bevr1337 • today at 5:49 AM
Do you test this against password managers? Seems like this approach could generate false positives
imhoguy • today at 8:02 AM
Watch out, it may break accessibility of your service. If somebody fills these fields I would add extra verification e.g. accessible CAPTCHA.
Doesn't that break password manager autofill?