to create and rate content, and to follow, bookmark, and share content with other members.
Spam attacking Forms
Question asked by
on Feb 23, 2014
on Feb 24, 2014 by 8442
Show 0 Likes
My marketo forms are getting spammed. I think it is a botnet since it comes in spikes and most seems to be from Florida. Is there any way to block or filter this? I understand captcha isn't an option with marketo forms.
No one else has this question
Mark as assumed answered
This content has been marked as final.
Show 2 comments
(Required, will not be published)
Feb 23, 2014 6:08 PM
Marketo has a built in protection via a hidden field called marketo_comments. Basically if this gets filled out by a bot it does not allow the form to submit. Since that is not working for you... you could test asking a basic question like like what is 1+1 and if their answer does not match it would delete the lead.
Do yourself a favor and take a look at these spam records and see if you can find any additional similarities (besides being from Florida) between them e.g. inferred company.
Hope that helps!
Show 0 Likes
Feb 24, 2014 1:23 AM
Marketo implements a native mechanism that is very standard across the industry. You will find nearly identical implementations in Salesforce, SugarCRM, Oracle, SAP, Amazon, Google and many more.
Spambots are and will remain an annoyance in the foreseeable future. It is just like vandals in the real world.
Combating spambots is a cat and mouse game: we create mechanisms to deflect or deter them, they explore new ways, come back again until another door is closed and that goes on. They tend to target database driven websites because they know that is where it is going to cause most inconveniences.
An extremely simple yet very effective solution is adding noscript tag.
Open the landing page being attacked, click "Landing Page Actions" on the top right corner and select "Edit Page Meta Tags"
Enter the following extract on Custom head HTML - replace www.example.com with your homepage or any URL, including an invalid to force HTTP 404:
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=
Show 1 Like
Retrieving data ...
February MUG Follow-Up
How accurate is the geolocation targeting
Custom Deduplication Rules Not Being Followed
Calculate number of years based on a date field
Filter out the list of leads who failed to sync to SFDC