Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building a Honeypot

Jason A. Crome
February 21, 2019
Programming
0
39

Building a Honeypot

CAPTCHAs are evil. You can still stop bots, but do so in an accessible way. This brief talk will show you how.

Jason A. Crome

February 21, 2019
Tweet

More Decks by Jason A. Crome

See All by Jason A. Crome
Constructing Command Line Applications in Perl
cromedome
0
58
Accessibility in Web Sites
cromedome
0
19
Dependency Management with Carton
cromedome
0
28
Scraping Tumblr
cromedome
0
41
Charlotte Perl Mongers Kickoff
cromedome
0
19
wEdge for Treasurers (and everyone else, too!)
cromedome
0
32
Integration Points for Property Tax, CAMA, & GIS
cromedome
0
170

Other Decks in Programming

See All in Programming
冗長なエラーログを削減し、スタックトレースを手に入れる / Reducing Verbose Error Logs and Obtaining Stack Traces
upamune
0
990
PostmanでAPIの動作確認が楽になった話
h455h1
0
180
Exploring the Implementation of “t.Run”, “t.Parallel”, and “t.Cleanup”
akarin
1
110
Domain-Driven Transformation
hschwentner
2
1.5k
Sheets API使ってみた
toshi0383
2
160
障害対応を起点としたもっといい開発と運用のサイクル作りのためにできること / Hatena Enginner Seminar #29
polamjag
0
370
Next.js App Router
quramy
11
1.7k
Scalable Customer Journey Orchestration (CJO)
lewuathe
0
420
TCAとKMPを用いた新規動画配信アプリ 「ABEMA Live」の設計
tomu28
2
130
大規模UIKitベースアプリへのTCAの段階的導入/gradual-adoption-of-tca-in-a-large-scale-uikit-based-app
takehilo
2
200
Apache Hive 4 on Treasure Data
ryukobayashi
1
420
使ってみよう Azure AI Document Intelligence
kosmosebi
2
360

Featured

See All Featured
A Modern Web Designer's Workflow
chriscoyier
689
190k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
21
1.9k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
155
14k
BBQ
matthewcrist
80
8.8k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
228
16k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
14
1.5k
Intergalactic Javascript Robots from Outer Space
tanoku
266
26k
Raft: Consensus for Rubyists
vanstee
133
6.3k
RailsConf 2023
tenderlove
8
550
Bash Introduction
62gerente
605
210k
How to train your dragon (web standard)
notwaldorf
75
5.2k
The Illustrated Children's Guide to Kubernetes
chrisshort
32
46k

Transcript

  1. Building a Honeypot Jason Crome Copyright 2019, Jason A. Crome

  2. What’s a Honeypot? • Wikipedia: “…a computer security mechanism set

    to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.” • In this case, we are deflecting the attempts of a bot to stuff our contact form full of bogus information. • Sounds like a CAPTCHA, right? Copyright 2019, Jason A. Crome

  3. So why not a CAPTCHA? Copyright 2019, Jason A. Crome

  4. So why not a CAPTCHA? • Not accessible • Easily

    spoofed • Newer CAPTCHAs use machine learning to determine if you’re a bot Copyright 2019, Jason A. Crome

  5. Why use a honeypot? • Puts the burden on the

    bot, not on the user • Less annoying • More accessible Copyright 2019, Jason A. Crome

  6. How to Implement • Create two hidden form fields: one

    is type hidden, the other is hidden with CSS • User never sees either one, but most bots will • If either filled in, act accordingly Copyright 2019, Jason A. Crome

  7. SHOW ME THE CODE! Copyright 2019, Jason A. Crome http://advent.perldancer.org/2018/21

  8. Working Example https://crome-plated.com/contact Copyright 2019, Jason A. Crome

  9. Questions? Copyright 2019, Jason A. Crome

  10. Thank you! Copyright 2019, Jason A. Crome