AnsweredAssumed Answered

Bot Attack not Blocked by reCaptcha

Question asked by Idan Haim on Apr 8, 2019
Latest reply on Apr 9, 2019 by Sanford Whiteman

We experience a bot attack on one of our Marketo forms, which creates fake leads in our database.

The form does have a reCaptcha and 'honeypot' in place to prevent bot submissions, but a large number of fake bot leads still manage to get in.


A possible cause for that is that our prevention measures are blocking bot traffic from submitting the forms while loading the website, but it is still possible for the bot to attack from the server side and simulate form submission without visiting the website.

Marketo doesn't have any built-in option to block this kind of behavior excepts completely deleting the form.

So the current plan is:


  1. Clone the form
  2. Locate all the places this form is installed on and replace it with the new form
  3. Delete the old form in Marketo


The issue with this solution is that nothing prevents the attack from resuming once the new form ID is identified and targeted.

Since Marketo doesn't provide any OOTB solution to bulk change forms in multiple locations, when that happens it will have to be done manually.


For those reasons, before committing to this far-from-perfect strategy I wanted to see if there are any other potential solutions that I am unaware of.

Any suggestions how to solve this?