In the last week we have received an increase in the number of forms that have contained automated spam. I'm assuming from a spambot. Has anyone else noticed an increase?
Marketo forms come built in with a hidden field (_marketo_comments) intended to delete any lead which fills in that field (which only a spam bot could do, since it's hidden). Are there spam leads being created which have this field filled out? Or are there spam leads being created which are not filling out this field? Or are the lead records completely blank (as if they just clicked "submit" without filling anything out)?
The soam leads have been created with the fields filled out and with gmail accounts. Therefore, they contain random characters in the fields and an email address so Marketo will be creating records. This is why I raised this within the community to see if anyone these was seeing this behaviour. As the hidden field seems not to be working in this case.
Hi, I just had multiple spam submissions overnight. Our forms are embedded on our site and do have the _marketo_comments field in them. I’m fairly new to Marketo, so I’m not sure how to check the hidden field for the submissions that happened last night. We had this problem before we implemented the Marketo forms, but our outsourced web developer implemented a WordPress plugin that stopped the spam. Now it’s back again and he doesn’t know anything about Marketo or how to stop it. We just added the forms last week. Should I contact support? Or is there something else I can check or do to stop this from happening?
We use Marketo landing pages for our forms, however below is the script that Marketo Support sent me. I understand this is a generic script that is the public domain to help stop spambots. So send the script to your IT guys and they might be able to place it on your form pages to stop the spam.
We noted that we were only received the spam via our contact us form, which makes sense as a spammer would be looking for popular naming conventions to find targets.
Since we placed the script in the custom header of the form we have not received anymore junk spam, it has only be a few days but long may it continue.
I hope this helps. might be an idea to contact Marketo Support regardless.
Kind regards Karen
Add the script to the form landing page - Select: Landing Page Actions - Edit Page Meta Tags - Custom Head HTML <noscript>Please enable JavaScript! <META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://www.website.com.nospam/"> </noscript>
Note the "nospam" added. It can be anything. The idea is to throw a HTTP 404 (invalid page) when JavaScript is disabled. Robots have that setting to improve performance therefore they will not reach the form and try another website.
We've been seeing a lot of spam too. In fact, when I've looked into it, it looks like they've scraped the form code off our website and are hosting it somewhere else. I believe this is the case because even after we remove all traces of a certain form, we still see junk lead form submits. Sometimes I see hundreds a day!
Yes, Karen. We got three over the weekend, which were undeniably spam but Marketo treated them as real leads, created a task for it, etc. We don't use Marketo landing pages, so I'll try the above script also.
We've seen the same spike in spam form completions this past weekend. Has Karen C's code worked fro other people? Our spam has been the kind of "Buy Cheap Viagra" spam that most email accounts now easily filter.
Here's an example
First Name: Cheap cialis Las Name: Online catalogs for sellers of viagra and cialis in usa Email: ftnzxppzie@vhqndg.com
The bot left a long URL in the comments box and most intersting of all, all of our spam form completions have the same inferred metro area (Miami) and same inferred company (IPTelligent LLC). Has anyone else seen spam form this inferred company?
.png)