Spam Form Fills

Highlighted
Level 10 - Community Moderator

Re: Spam Form Fills

It can be used either with embedded Marketo forms or named mktoForm elements on a Marketo LP... you're looking at an embedded form on CodePen!

Highlighted
Level 5 - Champion

Re: Spam Form Fills

Great, thanks for confirming!

Highlighted
Level 1

Re: Spam Form Fills

Hi Sanford,

This is awesome, thank you for providing the code! We've used it on our forms as well, but we do run into an error: 

{ "success": false, "error-codes": [ "invalid-input-response" ] }

As we believe it is to do with the lastRecaptchaUserInput, our question is: How do we 'process' the 'lastRecaptchaUserInput' in Marketo?

form.addHiddenFields({

      lastRecaptchaUserInput: recaptchaResponse

});

 

Snippet from: https://codepen.io/figureone/pen/meybqN?editors=0110

Looking forward to your response!

Many thanks,

Sophie

Highlighted
Level 10 - Community Moderator

Re: Spam Form Fills

Well, you have to send the lastRecaptchaUserInput to the webhook (which you're doing) but then working with the response is a significant number of additional steps, like triggering on Webhook Is Called and then proceeding with lead intake processing from there, only if the person passes reCAPTCHA validation. (All other processes need to be dependent on the reCAPTCHA success, there can't be stuff that fires while the validation is still running.)

Bottom line, there are too many moving parts to really troubleshoot via Community thread.

Highlighted

Re: Spam Form Fills

Ashley Ahearn

Here are more details for the solution recommended by Dory:

- Created a custom field in Marketo 'Is Spam' and type as 'string'.

- Add the field in all the forms as hidden, and approve the associated landing pages.

- In your smart campaigns for form fills, add a filter that says 'Is Spam' is empty. On any form fill, if 'Is Spam' is not empty, it will be a spam lead since humans would not be able to see it and fill it. Only spam bots will be able to fill it.    

Highlighted
Level 5

Re: Spam Form Fills

Hi, I followed this method, and I still receive those spam form fills. Am I missing something? Here is my smart campaign.

Capture.PNG

Highlighted

Re: Spam Form Fills

Interested in the response to this!

Highlighted

Re: Spam Form Fills

The "hidden field" method is not usable, as the field cannot be required. If the field is required, valid form fill outs could never complete, because you'd be requiring a field they can't see. A bot could easily not fill in a field that is not required.

Highlighted

Re: Spam Form Fills

Is there a step-by-step guide on how to implement this? I have Sanford's code, I have a site key and secret key from google, and now i'm lost.

Highlighted
Level 5

Re: Spam Form Fills

Hello Everyone

We are seeing similar issues

  • the bots / hacker will push data via the form using POST URL and therefore bypassing the normal form submission by a person that clicks on the "submit" button
  • reCAPTHAT will not block spam bots in the scenario above. We have verified it using a script and we were able to submit records over and over
  • an attack of 10s of thousands like this will bring down your other systems that are syncing with Marketo
  • we use an email verification tool on our form as well. for this type of situation the results are very limited.

So far Marketo is not giving us any options on how to prevent these leads to enter Marketo database

  • with the reCAPTCHA we can check if the submission is a person and if it not the lead can be deleted immediately
  • but what we want is for the records to never enter marketo in the first place

I welcome any solution that is robust for this issue.

Thanks a lot

Axel