I have a customer who for quite a long time has been going through an ongoing battle with spam on their contact forms.
We have been through reCaptcha v2 and v3 without success. v3 has significant issues with false positives and as a charity, they feel they are losing potential donors as a consequence.
We have implemented a honeypot and also a timestamp field to prevent bots and most recently they appear to be less bot and more human in their origination which makes this task even more difficult. There is a common theme in the posts as pretty much all contain URLs and this is where I am currently stumped! The customer has added the following regex ^(?!.*\.\S)(?!.*:\/\/).* to invalidate the textarea contents if it contains a URL. For me this works on the client-side and the server-side, so even if I disable javascript I still cannot get a submission to post successfully. So, how are they getting the forms through the validation? I've tried various methods of encoding the URLs but they either get blocked or do not appear as valid URLs in the submission like the ones the spammers submit.
Any ideas or recommendations would be appreciated.
Umbraco v7 - Umbraco Forms Spam
I have a customer who for quite a long time has been going through an ongoing battle with spam on their contact forms.
We have been through reCaptcha v2 and v3 without success. v3 has significant issues with false positives and as a charity, they feel they are losing potential donors as a consequence.
We have implemented a honeypot and also a timestamp field to prevent bots and most recently they appear to be less bot and more human in their origination which makes this task even more difficult. There is a common theme in the posts as pretty much all contain URLs and this is where I am currently stumped! The customer has added the following regex
^(?!.*\.\S)(?!.*:\/\/).*to invalidate the textarea contents if it contains a URL. For me this works on the client-side and the server-side, so even if I disable javascript I still cannot get a submission to post successfully. So, how are they getting the forms through the validation? I've tried various methods of encoding the URLs but they either get blocked or do not appear as valid URLs in the submission like the ones the spammers submit.Any ideas or recommendations would be appreciated.
is working on a reply...
This forum is in read-only mode while we transition to the new forum.
You can continue this topic on the new forum by tapping the "Continue discussion" link below.