Re: Spam Records Created (Bot attack where Honeypot doesn't help)

Abaran · ‎12-08-2017

hello Gregory

We are seeing similar issues

the bots / hacker will push data via the form using POST URL and therefore bypassing the normal form submission by a person that clicks on the "submit" button
reCAPTHAT will not block spam bots in the scenario above. We have verified it using a script and we were able to submit records over and over
an attack of 10s of thousands like this will bring down your other systems that are syncing with Marketo
we use an email verification tool on our form as well. for this type of situation the results are very limited.

So far Marketo is not giving us any options on how to prevent these leads to enter Marketo database

with the reCAPTCHA we can check if the submission is a person and if it not the lead can be deleted immediately
but what we want is for the records to never enter Marketo in the first place

I welcome any solution that is robust for this issue.

Thanks a lot

Axel

SanfordWhiteman · ‎12-08-2017

As I mentioned in the other thread Spam Form Fills, you need to make sure that your reCAPTCHA verification step (the webhook call) fires before any other steps that would sync the lead with other systems. For example, Sync to SFDC must not run if the reCAPTCHA fails, and any other fields that indicate a lead is "safe to sync" should not be set.

Abaran · ‎12-11-2017

Hi Sanford

Thanks for the reply. i am confused. I thought that SFDC sync with Marketo happens every 5 minutes. How do we prevent a sync in this case?

SanfordWhiteman · ‎12-11-2017

If a Marketo lead has never been synced before, then the 5 minute resync doesn't pertain to that lead.

Will_Etling · ‎11-26-2018

I'm experiencing this same issue as I write this. Overseas spam source seems to have begun using our Marketo instance url + Form ID to directly submit data into our Marketo database. In the past I've blocked these sorts of attacks using Javascript, usually just filtering out email domains that are entirely spam, like @qq.com. In this instance, even after adding checks for the bad domains, they are still flowing in at a rapid pace.

It would be wonderful if there was a blacklist or safety valve further up the pipeline, so I could prevent all these from flowing in to Marketo (and then further up the pipe into our CRM, etc.)

It would also be wonderful if the spam IP submission thresholds were user-editable, so I could set some limits that are sane and appropriate for the size of our business.

SanfordWhiteman · ‎11-26-2018

usually just filtering out email domains that are entirely spam, like @qq.com.

One of China's largest email providers != entirely spam.

The reason you see a lot of forged @qq.com addresses is that it's easy to create valid, or simply valid-looking, addresses at that domain because legitimate mailboxes there are all numbers (while no well-formed email address at any domain can actually be known to be valid/invalid just at a glance, this is made even clearer w/QQ because 123435@qq.com could be made-up and 123456@qq.com could be real).

If you don't get legit leads from overseas, that's an even stronger reason to use reCAPTCHA.

Will_Etling · ‎11-26-2018

Sanford Whiteman Fair point. Didn't mean to paint qq.com with too broad a brush - what I meant was, so far in our experience we have only received spam form submissions from that domain. As of this morning we've had thousands of them, all using the same data for other fields like First & Last Name.

We do get many legit leads from overseas, however, and are reluctant to implement reCAPTCHA (friction is friction!)

I don't mind dealing with an occasional burst of spam - I just wish I had a couple extra tools in my Marketo configuration toolbelt to filter/block them when it happens.

SanfordWhiteman · ‎11-26-2018

The idea of the invisible reCAPTCHA is that it's frictionless unless automated fingerprinting doesn't work.

As I responded on another thread, reCAPTCHA exists because no other technology works, and with major sites having adopted it, should be routine at this point.