Blank Form Submissions by Spam Bots

We need a better way to handle spam bots filling out our forms. They are bypassing JavaScript validation, and we are incurring conversion costs.
30 Comments
Anonymous
Not applicable
Subscribing to this idea/thread.
Anonymous
Not applicable
@Eric what is an "onblur" event? I'm not particularly JavaScript-savvy but this sounds like it would be a great solution for us.

Many thanks,
Hoi
Anonymous
Not applicable
Subscribing. It's odd that these bots seem to target some forms more than others.
Anonymous
Not applicable
Subscribing. This is becoming a real problem for us.
Anonymous
Not applicable
Any solution to this?
Anonymous
Not applicable
Eric, can you please be more specific about the option you offered?
Anonymous
Not applicable
So some background

1. Most bots do not go to the effort of processing JavaScript on a browser page because it requires more (way more) memory and CPU time per connection. They generally will find a form and then use a looping script to insert data into the form to overload or saturate the backend. The goal is usually an SQL injection or buffer overrun to gain access to the backend, or a denial-of-service attack to prevent visitors from using the service.

2. So by moving a honeypot field into JavaScript, you will be able to prevent form spammers who won't take the time to attack using these methods. To add a layer of complexity, you could use JavaScript to add an additional hidden field to the form dynamically and process its value.
 

A honeypot/honeytrap is a well-used security term used to describe a method of trapping and preventing security holes. I am perverting the term slightly for this case in trapping spammers.
 
Methodology:
  • create a custom field in Marketo; it really doesn't matter the type, but using a number makes it easy
  • write some JavaScript for the page with the form (my preferred library is jQuery) that will
    • add a hidden input using your honeypot field name to your form with a default value, such as zero (0)
    • hook (bind) the visible input fields using the onBlur or onChange events in JavaScript to then update the value of the honeypot field to one (1)
  • upon form submit, build a receiving campaign in Marketo to check if the honeypot field is not 1; then the lead is most likely a spammer and you could then delete it, quarantine it to a list or whatever else you deem appropriate. There are a select few internet crazies who don't run JavaScript on their browsers, and unless you are in the security or software development markets you shouldn't have to worry about this.

The onBlur event is a JavaScript event trigger that fires when the field currently highlighted moves (or loses focus) to the next one.
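
The honeypot procedure from the comment above, as an added example that is not part of the original thread and not Marketo's code. It uses plain DOM calls instead of jQuery and assumes a plain HTML form; the field name `honeypotTouched` and both function names are hypothetical, and `classifySubmission` stands in for the rule the receiving campaign would apply.

```javascript
// Added example: the field name and helper names are hypothetical.
const HONEYPOT_FIELD = "honeypotTouched"; // assumed name of the custom field
const EVENTS = ["blur", "change"];        // the onBlur / onChange hooks

// Client side: add the hidden field with default "0" and flip it to "1"
// the first time any visible input loses focus or changes.
function armHoneypot(form, doc, fieldName = HONEYPOT_FIELD) {
  const trap = doc.createElement("input");
  trap.type = "hidden";
  trap.name = fieldName;
  trap.value = "0";
  form.appendChild(trap);

  const markTouched = () => { trap.value = "1"; };
  for (const input of form.querySelectorAll("input, select, textarea")) {
    // Skip the trap itself and any other hidden inputs: only fields a
    // person can actually focus should count as interaction.
    if (input === trap || input.type === "hidden") continue;
    for (const ev of EVENTS) input.addEventListener(ev, markTouched);
  }
  return trap;
}

// Receiving side: same rule as the campaign in the post. Anything other
// than exactly 1 (field missing, still "0", arbitrary text) is treated as
// a likely bot and quarantined rather than accepted.
function classifySubmission(fields, fieldName = HONEYPOT_FIELD) {
  const raw = fields[fieldName];
  const value = typeof raw === "string" ? raw.trim() : raw;
  return value === "1" || value === 1 ? "accept" : "quarantine";
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", () => {
    for (const form of document.querySelectorAll("form")) {
      armHoneypot(form, document);
    }
  });
}
```

Quarantining instead of deleting keeps the rare legitimate visitor who browses without JavaScript recoverable.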


Josh_Hill13
Level 10 - Champion Alumni

This is now a set of Treasure Chest Beta options.

kh-lschutte
Community Manager
Status changed to: Open Ideas
 
Steven_Vanderb3
Marketo Employee
Status changed to: In Process