Re: Spam Form Fills

SanfordWhiteman · ‎12-04-2018

It can be used either with embedded Marketo forms or named mktoForm elements on a Marketo LP... you're looking at an embedded form on CodePen!

Brooke_Bartos1 · ‎12-04-2018

Great, thanks for confirming!

Sophie_Kool2 · ‎12-19-2019

Hi Sanford,

This is awesome, thank you for providing the code! We've used it on our forms as well, but we do run into an error:

{ "success": false, "error-codes": [ "invalid-input-response" ] }

As we believe it is to do with the lastRecaptchaUserInput, our question is: How do we 'process' the 'lastRecaptchaUserInput' in Marketo?

form.addHiddenFields({

lastRecaptchaUserInput: recaptchaResponse

});

Snippet from: https://codepen.io/figureone/pen/meybqN?editors=0110

Looking forward to your response!

Many thanks,

Sophie

SanfordWhiteman · ‎12-19-2019

Well, you have to send the lastRecaptchaUserInput to the webhook (which you're doing) but then working with the response is a significant number of additional steps, like triggering on Webhook Is Called and then proceeding with lead intake processing from there, only if the person passes reCAPTCHA validation. (All other processes need to be dependent on the reCAPTCHA success, there can't be stuff that fires while the validation is still running.)

Bottom line, there are too many moving parts to really troubleshoot via Community thread.

Alok_Ramsisaria · ‎08-12-2016

Ashley Ahearn

Here are more details for the solution recommended by Dory:

- Created a custom field in Marketo 'Is Spam' and type as 'string'.

- Add the field in all the forms as hidden, and approve the associated landing pages.

- In your smart campaigns for form fills, add a filter that says 'Is Spam' is empty. On any form fill, if 'Is Spam' is not empty, it will be a spam lead since humans would not be able to see it and fill it. Only spam bots will be able to fill it.

KanakoTone · ‎05-08-2017

Hi, I followed this method, and I still receive those spam form fills. Am I missing something? Here is my smart campaign.

Carolyn_Price · ‎09-14-2017

Interested in the response to this!

Michael_Mason · ‎10-17-2018

The "hidden field" method is not usable, as the field cannot be required. If the field is required, valid form fill outs could never complete, because you'd be requiring a field they can't see. A bot could easily not fill in a field that is not required.

Sarah_Bartell1 · ‎10-09-2017

Is there a step-by-step guide on how to implement this? I have Sanford's code, I have a site key and secret key from google, and now i'm lost.

Abaran · ‎12-08-2017

Hello Everyone

We are seeing similar issues

the bots / hacker will push data via the form using POST URL and therefore bypassing the normal form submission by a person that clicks on the "submit" button
reCAPTHAT will not block spam bots in the scenario above. We have verified it using a script and we were able to submit records over and over
an attack of 10s of thousands like this will bring down your other systems that are syncing with Marketo
we use an email verification tool on our form as well. for this type of situation the results are very limited.

So far Marketo is not giving us any options on how to prevent these leads to enter Marketo database

with the reCAPTCHA we can check if the submission is a person and if it not the lead can be deleted immediately
but what we want is for the records to never enter marketo in the first place

I welcome any solution that is robust for this issue.

Thanks a lot

Axel