Honeypot is a pretty simple module, that just pretends to submit contact submissions when a fake field is filled out by a bot. It also logs the 'blocked submission'. Autoban can and does work with honeypot since it's just pulling from the activity log, but I think there is a slight bug in the SQL query construction to pull from the message logs, particularly as it relates to underscores in the message.
For instance, the auto suggested 'log analyze' rule looks like this:
Type: honeypot
Message: Blocked submission of contact_message_feedback_form due to submission of a value in the honeypot field.
That suggested rule doesn't work, but I kept messing around with the wildcard option and variations of the message string and determined that the contact_message_feedback_form portion of the message is most likely what is failing the SQL query for the IP's to ban.
So, something like this works:
Type: honeypot
Message: Blocked submission of %
I think more precisely, it's caused by the underscores. I attempted to wrap them with brackets after googling SQL LIKE underscore syntax stuff, but I wasn't able to make any headway. Maybe I don't quite understand the syntax.
Active
1.7
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
@dtw_2000, D9 changed dblog storage, I re-work Analyze section in Autoban, please test
Automatically closed - issue fixed for 2 weeks with no activity.