Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Simon Dingley 1447 posts 3377 karma points c-trib
    1 week ago
    Simon Dingley

    Umbraco v7 - Umbraco Forms Spam

    I have a customer who for quite a long time has been going through an ongoing battle with spam on their contact forms.

    We have been through reCaptcha v2 and v3 without success. v3 has significant issues with false positives and as a charity, they feel they are losing potential donors as a consequence.

    We have implemented a honeypot and also a timestamp field to prevent bots and most recently they appear to be less bot and more human in their origination which makes this task even more difficult. There is a common theme in the posts as pretty much all contain URLs and this is where I am currently stumped! The customer has added the following regex ^(?!.*\.\S)(?!.*:\/\/).* to invalidate the textarea contents if it contains a URL. For me this works on the client-side and the server-side, so even if I disable javascript I still cannot get a submission to post successfully. So, how are they getting the forms through the validation? I've tried various methods of encoding the URLs but they either get blocked or do not appear as valid URLs in the submission like the ones the spammers submit.

    Any ideas or recommendations would be appreciated.

Please Sign in or register to post replies

Write your reply to: