I have a part solution for Umbraco 7 Forms.
If you have a Message field and the spam you get are spam with links in them you can go into the field validation:
And add the following regular expression:
^((?!href).)*$
It actually is a "Does not contain" expression for href.
Does Recaptcha still work on your outdated version of Umbraco Forms? You should update Umbraco to version 7.15.3 and Umbraco Forms to 7.1.1. Since v7.0.1 there is support for Recaptcha V2.
This is not actually the issue. The issue is around the older recapthca which at this stage is V2. This does not stop spam and there are several methods to bypass it now. That is why 3 exists and those Umbraco form versions do not support it.
I don't know if this will help on Umbraco Forms, as we create our own bespoke emailer and i'm not too familiar with the degree of control you have. So apologies if i'm off the mark.
We've had similar issues with V2 Recaptcha and have a little trick to defeat spam bots in particular. Bots will likely be the culprit of 99.9% of all spam you're receiving.
Essentially; add a new text area / form field but give it the following properties.
In other words, won't be visible and will have no visual impact for your ordinary human users. So it'll never be filled out, right? .... Well, a bot designed to programmatically fill out and spam every single field will still find it. That's one thing they're very good at, they don't have eyes, they need to use the code to interpret all the form fields so stylying is irrelevant to them. That's the trick. Then, simply validate against it being empty. If filled out, then do not submit the form BUT give them the same results as if they were sucessful. A redirect or success message, whatever. Just to ensure more sophisicated bots don't attempt to defeat it if you fail it as a validation error.
Extremely sucessful in all our implementations and very, very simple. Have even managed to do this for Umbraco 6 sites and ancient emailers I wouldn't even know how to replicate nowadays. There's all sorts of spam bots out there. Some extremely dumb ones that ReCaptcha is perfect for. More sophisicated ones designed to behave like humans. Some are link spamming, some are purely spam. (Have you seen the bots that send 5 words of a wikipedia article at a time over and over and over?) but they all have the same, easily exploited goal. To fill out a huge text area which they interpret as the message area.
Cherry on top? Get rid of that absolutely god awful, human-unfriendly reCaptcha checkbox. It's just an ordinary form with no extra steps. Beauty in simplicity.
These spam bots are targetting ReCaptcha and constantly evolving. A bespoke anti-spam solution like this won't even be on their radar to evolve to defeat to defeat in the first place!
Then use this regex to check if the field is completed:
^(?s).*$
It's not the best solution because an editor without coding skills isn't going to be able to use it but it will do until you can upgrade your site to use Recaptcha v3.
Umbraco Forms spam
We're using Umbraco forms 6.0.2 on Umbraco 7.6.3
Our forms are using the Google recaptcha but we have recently started getting loads of spam on the forms
Does anyone have any suggestions for blocking the spam please? Has anyone had experience with recaptcha 3 on Umbraco Forms?
Hi Alicia,
Google Recaptcha 3 works fine and below is the package that we built for v8 using Recaptcha v3 for Umbraco Forms.
https://our.umbraco.com/packages/website-utilities/recaptcha-v3-for-umbraco-forms/
Cheers, Shaishav
Your plugin looks amazing - shame we're still on V7 :(
I have a part solution for Umbraco 7 Forms. If you have a Message field and the spam you get are spam with links in them you can go into the field validation:
And add the following regular expression: ^((?!href).)*$
It actually is a "Does not contain" expression for href.
I have tested this and it appears to be working.
I have modified this to work with multiline textareas and to check for links rather than the html tag:
Does Recaptcha still work on your outdated version of Umbraco Forms? You should update Umbraco to version 7.15.3 and Umbraco Forms to 7.1.1. Since v7.0.1 there is support for Recaptcha V2.
This is not actually the issue. The issue is around the older recapthca which at this stage is V2. This does not stop spam and there are several methods to bypass it now. That is why 3 exists and those Umbraco form versions do not support it.
I don't know if this will help on Umbraco Forms, as we create our own bespoke emailer and i'm not too familiar with the degree of control you have. So apologies if i'm off the mark.
We've had similar issues with V2 Recaptcha and have a little trick to defeat spam bots in particular. Bots will likely be the culprit of 99.9% of all spam you're receiving.
Essentially; add a new text area / form field but give it the following properties.
style="position: absolute; left: -5000px;" aria-hidden="true"
In other words, won't be visible and will have no visual impact for your ordinary human users. So it'll never be filled out, right? .... Well, a bot designed to programmatically fill out and spam every single field will still find it. That's one thing they're very good at, they don't have eyes, they need to use the code to interpret all the form fields so stylying is irrelevant to them. That's the trick. Then, simply validate against it being empty. If filled out, then do not submit the form BUT give them the same results as if they were sucessful. A redirect or success message, whatever. Just to ensure more sophisicated bots don't attempt to defeat it if you fail it as a validation error.
Extremely sucessful in all our implementations and very, very simple. Have even managed to do this for Umbraco 6 sites and ancient emailers I wouldn't even know how to replicate nowadays. There's all sorts of spam bots out there. Some extremely dumb ones that ReCaptcha is perfect for. More sophisicated ones designed to behave like humans. Some are link spamming, some are purely spam. (Have you seen the bots that send 5 words of a wikipedia article at a time over and over and over?) but they all have the same, easily exploited goal. To fill out a huge text area which they interpret as the message area.
Cherry on top? Get rid of that absolutely god awful, human-unfriendly reCaptcha checkbox. It's just an ordinary form with no extra steps. Beauty in simplicity.
These spam bots are targetting ReCaptcha and constantly evolving. A bespoke anti-spam solution like this won't even be on their radar to evolve to defeat to defeat in the first place!
To use this approach you can target the form field id with css:
Then use this regex to check if the field is completed:
It's not the best solution because an editor without coding skills isn't going to be able to use it but it will do until you can upgrade your site to use Recaptcha v3.
If anyone runs into a field id starting with a number, this will help you out: https://css-tricks.com/ids-cannot-start-with-a-number/
is working on a reply...