Blank Form Submissions by Spam Bots | Community
Skip to main content
A
Anonymous
June 15, 2011
Need info

Blank Form Submissions by Spam Bots

  • June 15, 2011
  • 30 replies
  • 9494 views
We need a better way to handle Spam Bots filling out our forms.  They are bypassing javascript validation, and we are incurring conversion costs.  

    30 replies

    Steven_Vanderb3
    Steven_Vanderb3
    New Participant
    November 3, 2020
    No text available
    K
    kh-lschutte
    New Participant
    February 7, 2020
    No text available
    Josh_Hill13
    Josh_Hill13
    New Participant
    February 22, 2018

    This is now a set of Treasure Chest Beta options.

    A
    Anonymous
    May 16, 2013
    So some background

    1. Most bots do not go through the effort to processing javascript on a browser page because it requires more (way more) memory and processing cpu time per connection.  They generally will find a form and then use a looping script to insert data into the form to overload or saturate the backend.  The goal is usually an SQL injection or buffer overrun to gain access to the backend or or denial of service attack to prevent visitors from using the service.

    2. So by moving a honeypot field into javascript, you will be able to prevent form spammers who won't take the time to attack using these methods. To add a layer of complexity, you could use javascript to add and additional hidden field to the form dynamically and process its value.
     

    A honeypot/honeytrap is a well-used security term used to describe a method of trapping and preventing security holes.  I am preverting the term slightly for this case in trapping spammers.
     
    Methodology:
    • create a custom field in Marketo, it really doesn't matter the type but using a number makes it easy
    • write some javascript for the page with the form, my preferred library is to use jquery, that will
      • add a hidden input using your honeypot fieldname to your form with a default value, such as zero (0)
      • hook (bind) the visible input fields using the onBlur or onChange events in javascript to then update the value of the  honeypot field to one (1)
    • upon form submit, build a receiving campaign in Marketo to check if the honeypot field is not 1 then the lead is most likely a spammer and you could then delete it, quarantine it to a list or whatever else you deem appropriate.  There are a select few internet crazies who don't run javascript on their browsers and unless you are in the security or software development markets you shouldn't have to worry about this.

    OnBlur event is a javascript event trigger that fires when the field currently highlighted moves (or loses focus) to the next one.


    A
    Anonymous
    May 16, 2013
    Eric, can you please be more specific about the option you offered?
    A
    Anonymous
    May 7, 2013
    Any solution to this?
    A
    Anonymous
    April 26, 2013
    Subscribing. This is becoming a real problem for us.
    A
    Anonymous
    January 4, 2013
    Subscribing. It's odd that these bots seems to target some forms more than others.
    A
    Anonymous
    November 20, 2012
    @Eric what is an "onblur" event? I'm not particularly Javascript-savvy but this sounds like it would be a great solution for us.

    Many thanks,
    Hoi
    A
    Anonymous
    November 20, 2012
    Subscribing to this idea/thread.
    Show more replies
    Terms & ConditionsAccessibility statement

    Loading footer...