Re: Bots & Form Fills

Anonymous
Not applicable

Bots & Form Fills

Can anyone suggest a way to block bots on our form fills? We have triggers set up that send an alert to sales each time there is a trial request. Yesterday we were besieged by bot requests. We discussed adding some additional filters such as "clicked a link" or "member of campaign". However this wouldn't work under all scenarios as we also have search campaigns running that lead over to form captures. My understanding is that Marketo doesn't support Captcha so I was wondering if anyone has discovered another mechanism to prevent bots in your forms. Thanks in advance for your help!
Tags (1)
6 REPLIES 6
Anonymous
Not applicable

Re: Bots & Form Fills

Hi Liz,

One method I've used is called a honeypot - (but, quick disclaimer) this won't block bots from being able to submit your form, but it will help automate the separation and deletion of junk data.  It's very easy to implement as all it requires is to simply add a hidden field.  I would suggest adding a field of 'string' type to your forms.  

Once you've added your hidden field, on subsequent submissions of the form, if your hidden field contains junk data you can assume a bot is the culprit. The idea is that if a human user submitted the form, they would not be able to see the hidden field and therefore would not populate it.  At this point what I would do is create a separate triggered campaign that says: "if lead is created and xyz hidden field is not empty, delete the lead".
Anonymous
Not applicable

Re: Bots & Form Fills

Thanks for this, I'm going to try implementing it within a Data Management clean up campaign.  Does the form Pre-fill need to be set to "Enabled" in order to catch the bots in the honeypot here?

Anonymous
Not applicable

Re: Bots & Form Fills

Hi Bianca, I would actually disable prefill for any/all hidden honeypot fields you incorporate in your form.  This will prevent any 'false positives' from coming in when an actual person submits your form.

Anonymous
Not applicable

Re: Bots & Form Fills

That's what I thought as well, that if enabled it might prompt a fill and pass the filter.  So I have it disabled on that field only.  I created it as a string field called a Lead Bot Spam Net that is added as hidden to all forms now, with some workflows that will delete such leads on creation if referral sources match those identified as spam referral traffic in Google analytics, or if submitted in conjunction with a previously identified invalid email address, or personal email rather than a work email.   All others that make it through I'll look at manually once a month.

Anonymous
Not applicable

Re: Bots & Form Fills

We've got bots hitting our forms, but they don't fill out every field on the form.  Is there a way to "encourgage" a bot to fill out a hidden field?
John_Clark1
Level 10

Re: Bots & Form Fills

Hi Liz,

Marketo has a built in protection mechanisms that help tremendously with reducing the number of spam form fills, but with that said, its a bit of a cat and mouse game as our security team keeps upgrading the protections on our side and spammers keep improving their attacks, so it becomes impossible to stop all spam submissions.

There are a variety of techniques customers have implemented to deal with this issue beyond the protections provided on Marketo forms.

I would encourage one of two things if you continue to see this level of spam:

1 )Add JavaScript validation to the header of your landing pages. This checks to see if JavaScript is enabled on the browser - and, if not, redirects the lead to a page that advises them to do so.  Spam bots do not have Javascript enabled, so this can cut down on spam submissions. This will minimize but not eliminate these submissions.  You can also use javascript to do custom validation on any of the fields in your form, but keep in mind that you would need a developer's help for these solutions solution.

2) Additionally, you can also create a campaign based on patterns you notice for spam submissions and delete leads which you believe fit these patterns.  For example, leads created via a form with "Email Address is empty", are most likely spam and could be deleted.  That will help to keep your database clear.

3) Finally, you may also want to consider adding reCaptcha from Google, although this will often lower the number of legitimate submissions as well, so I would use this as a last resort only.  You can read more about it here: http://www.google.com/recaptcha

Please let me know if there is anything else I can help you out with.

John