A honeypot is a security decoy designed to attract and trap attackers or automated bots. By interacting with a honeypot, an attacker reveals their presence, methods and origin — without disrupting legitimate users who never encounter the trap.
Honeypot in Web Forms (Spam Prevention)
The simplest use of a honeypot is in HTML forms. A decoy field that is hidden from human users via CSS, but still present in the DOM, is added to the form:
<!-- decoy field: hidden from people, still present in the markup for bots to fill -->
<input type="text" name="website" style="display:none;" tabindex="-1" autocomplete="off" aria-hidden="true" />
Legitimate users never see or fill this field; bots that mechanically complete every field do. The server rejects any submission in which the decoy field is non-empty. For real users this is a zero-friction spam defence with no CAPTCHA. Two caveats apply in practice. Browser autofill and password managers can populate hidden inputs, which is why the field carries autocomplete="off" and should never be one a browser recognises as an address or login field. And smarter bots skip inputs styled with display:none or named like obvious traps, so moving the field off-screen with a CSS class and giving it a plausible name raises the bar. Rejected submissions should receive the same success response as real ones, so the bot gets no signal that it was caught.
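The server-side half of this check, as an added example that is not code from the page: it renders the decoy field, decides whether a submission is a bot, and answers trapped submissions with the same success response a human would see. The field name "website" matches the page's markup; the real fields "email" and "message", the client IPs and the sample submissions are constructed for the demo.

```python
# Server-side form honeypot (added example, not code from the page).
# Assumes the decoy field is named "website" as in the page's <input>, plus real
# fields "email" and "message"; all submissions below are constructed samples.
import logging
from typing import Mapping

HONEYPOT_FIELD = "website"  # must match the name attribute in the HTML

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
log = logging.getLogger("form-honeypot")


def honeypot_field_html(name: str = HONEYPOT_FIELD) -> str:
    """Render the decoy input. autocomplete=off stops browser autofill from
    populating it (a false-positive source), aria-hidden keeps it out of screen
    readers, tabindex=-1 keeps it out of the keyboard focus order, and the
    wrapper is hidden so sighted users never see it."""
    return (f'<div style="display:none;" aria-hidden="true">'
            f'<label for="{name}">Leave this field empty</label>'
            f'<input type="text" id="{name}" name="{name}" '
            f'autocomplete="off" tabindex="-1" value="" /></div>')


def is_bot_submission(form: Mapping[str, str], field: str = HONEYPOT_FIELD) -> bool:
    """A human never sees the decoy, so any non-blank value means software filled it."""
    return bool(form.get(field, "").strip())


def handle_submission(form: Mapping[str, str], client_ip: str) -> dict:
    """Process a contact-form POST.

    Trapped submissions are logged and dropped, but answered with the same
    200 response as a real one so the bot learns nothing from the reply.
    """
    if is_bot_submission(form):
        log.info("honeypot tripped ip=%s value=%r", client_ip, form.get(HONEYPOT_FIELD))
        return {"status": 200, "accepted": False, "body": "Thanks, we got your message."}
    if not form.get("email") or not form.get("message"):
        return {"status": 400, "accepted": False, "body": "email and message are required"}
    # a real handler would persist or forward the message here
    return {"status": 200, "accepted": True, "body": "Thanks, we got your message."}


if __name__ == "__main__":
    # constructed sample submissions
    human = {"email": "alice@example.com", "message": "hello", "website": ""}
    bot = {"email": "x@example.com", "message": "buy now", "website": "http://spam.example"}
    print(honeypot_field_html())
    print(handle_submission(human, "198.51.100.7"))
    print(handle_submission(bot, "203.0.113.9"))
```

The `.strip()` in `is_bot_submission` is a deliberate choice: a stray whitespace value from an odd browser is not treated as a bot, while any real content is.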
Network Honeypots
At the infrastructure level, a honeypot is a system or service made to look attractive to attackers but that has no legitimate users. Any connection to it is therefore suspicious by definition and alerts security teams to scanning, exploitation attempts or lateral movement. The honeypot records who connected and what they sent, without acting on that input, and it must be isolated from production systems so that a compromised decoy cannot become a foothold into the real network.
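A minimal network honeypot, as an added example that is not code from the page: it listens on a port no legitimate client uses, serves a fake SMTP-style banner, and records the peer address and the first bytes each client sends. It never parses or executes what it receives. The imitated service, the banner text and the 127.0.0.1 host are arbitrary choices for a local demo.

```python
# Minimal TCP honeypot listener (added example, not from the page). Binds a port
# with no legitimate users, serves a fake banner (the imitated service is an
# arbitrary choice), and records who connected plus the first bytes they sent.
# It never interprets that input. Host, port and banner are demo assumptions.
import socket
import threading
import time
from dataclasses import dataclass


@dataclass
class Event:
    ts: float        # epoch seconds when the connection was handled
    peer: str        # remote IP address
    peer_port: int   # remote source port
    data: bytes      # first bytes the client sent (at most 256)


class Honeypot:
    def __init__(self, host="127.0.0.1", port=0,
                 banner=b"220 mail.corp.example ESMTP ready\r\n"):
        self.host, self.port, self.banner = host, port, banner
        self.events = []
        self._lock = threading.Lock()
        self._sock = None

    def start(self):
        """Bind and accept in a background thread. Returns the bound port
        (port=0 lets the OS pick one, which is convenient for testing)."""
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((self.host, self.port))
        self._sock.listen(16)
        self.port = self._sock.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()
        return self.port

    def stop(self):
        if self._sock:
            self._sock.close()

    def wait_for_events(self, n, timeout=5.0):
        """Block until at least n events are recorded or the timeout expires."""
        deadline = time.time() + timeout
        while time.time() < deadline:
            with self._lock:
                if len(self.events) >= n:
                    return list(self.events)
            time.sleep(0.02)
        with self._lock:
            return list(self.events)

    def _accept_loop(self):
        while True:
            try:
                conn, addr = self._sock.accept()
            except OSError:
                return  # listener closed by stop()
            threading.Thread(target=self._handle, args=(conn, addr), daemon=True).start()

    def _handle(self, conn, addr):
        with conn:
            conn.settimeout(3.0)
            data = b""
            try:
                conn.sendall(self.banner)
                data = conn.recv(256)  # capture, never interpret
            except OSError:            # includes socket.timeout
                pass
        ev = Event(time.time(), addr[0], addr[1], data)
        with self._lock:
            self.events.append(ev)
        # There are no legitimate clients, so every connection is worth an alert.
        print(f"ALERT honeypot hit from {ev.peer}:{ev.peer_port} data={ev.data!r}")


def probe(host, port, payload, timeout=3.0):
    """Act as a client: read the banner, send payload, return the banner.
    Present only to exercise the listener locally."""
    with socket.create_connection((host, port), timeout=timeout) as c:
        banner = c.recv(128)
        c.sendall(payload)
    return banner


if __name__ == "__main__":
    hp = Honeypot()
    port = hp.start()
    print("honeypot listening on", port)
    print("client saw banner:", probe("127.0.0.1", port, b"EHLO scanner\r\n"))
    for ev in hp.wait_for_events(1):
        print(ev)
    hp.stop()
```

In a real deployment the `print` becomes a structured log line shipped to the SIEM, the listener runs on a host with no route into production, and the banner mimics something worth attacking on that segment.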
Honeynet
A honeynet is a network of multiple honeypots designed to simulate an entire infrastructure, used by researchers and security teams to study attacker behaviour in detail.
Advantages and Limitations
- Advantage: Near-zero false positives for network honeypots. There are no legitimate clients, so an interaction is at worst a misconfigured internal scanner or monitoring probe, which is still worth knowing about.
- Advantage: No friction for legitimate users in the form-field variant.
- Limitation: Sophisticated attackers may fingerprint and avoid honeypots, for example by noticing that an emulated service responds imperfectly.
- Limitation: Does not block attacks; it detects and distracts them. The honeypot itself must be isolated and monitored, since a compromised decoy can become a pivot into the real network.