Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Alicia Butler 10 posts 101 karma points
    Sep 30, 2019 @ 10:34
    Alicia Butler
    1

    Umbraco Forms spam

    We're using Umbraco forms 6.0.2 on Umbraco 7.6.3

    Our forms are using the Google recaptcha but we have recently started getting loads of spam on the forms

    Does anyone have any suggestions for blocking the spam please? Has anyone had experience with recaptcha 3 on Umbraco Forms?

  • Shaishav Karnani from digitallymedia.com 354 posts 1638 karma points
    Sep 30, 2019 @ 11:19
    Shaishav Karnani from digitallymedia.com
    0

    Hi Alicia,

    Google Recaptcha 3 works fine and below is the package that we built for v8 using Recaptcha v3 for Umbraco Forms.

    https://our.umbraco.com/packages/website-utilities/recaptcha-v3-for-umbraco-forms/

    Cheers, Shaishav

  • Alicia Butler 10 posts 101 karma points
    Oct 10, 2019 @ 20:30
    Alicia Butler
    1

    Your plugin looks amazing - shame we're still on V7 :(

  • Liam Dilley 172 posts 402 karma points
    Dec 11, 2020 @ 03:30
    Liam Dilley
    0

    I have a part solution for Umbraco 7 Forms. If you have a Message field and the spam you get are spam with links in them you can go into the field validation:

    And add the following regular expression: ^((?!href).)*$

    It actually is a "Does not contain" expression for href.

    enter image description here

    I have tested this and it appears to be working.

  • Anthony Southworth 46 posts 173 karma points
    Jan 04, 2022 @ 16:50
    Anthony Southworth
    0

    I have modified this to work with multiline textareas and to check for links rather than the html tag:

    ^((?!http).|\n)*$
    
  • SteveV 54 posts 240 karma points
    Oct 10, 2019 @ 21:35
    SteveV
    0

    Does Recaptcha still work on your outdated version of Umbraco Forms? You should update Umbraco to version 7.15.3 and Umbraco Forms to 7.1.1. Since v7.0.1 there is support for Recaptcha V2.

  • Liam Dilley 172 posts 402 karma points
    Jan 04, 2022 @ 22:55
    Liam Dilley
    0

    This is not actually the issue. The issue is around the older recapthca which at this stage is V2. This does not stop spam and there are several methods to bypass it now. That is why 3 exists and those Umbraco form versions do not support it.

  • RyanW 33 posts 148 karma points
    Jan 06, 2022 @ 10:31
    RyanW
    0

    I don't know if this will help on Umbraco Forms, as we create our own bespoke emailer and i'm not too familiar with the degree of control you have. So apologies if i'm off the mark.

    We've had similar issues with V2 Recaptcha and have a little trick to defeat spam bots in particular. Bots will likely be the culprit of 99.9% of all spam you're receiving.

    Essentially; add a new text area / form field but give it the following properties.

    style="position: absolute; left: -5000px;" aria-hidden="true"

    In other words, won't be visible and will have no visual impact for your ordinary human users. So it'll never be filled out, right? .... Well, a bot designed to programmatically fill out and spam every single field will still find it. That's one thing they're very good at, they don't have eyes, they need to use the code to interpret all the form fields so stylying is irrelevant to them. That's the trick. Then, simply validate against it being empty. If filled out, then do not submit the form BUT give them the same results as if they were sucessful. A redirect or success message, whatever. Just to ensure more sophisicated bots don't attempt to defeat it if you fail it as a validation error.

    Extremely sucessful in all our implementations and very, very simple. Have even managed to do this for Umbraco 6 sites and ancient emailers I wouldn't even know how to replicate nowadays. There's all sorts of spam bots out there. Some extremely dumb ones that ReCaptcha is perfect for. More sophisicated ones designed to behave like humans. Some are link spamming, some are purely spam. (Have you seen the bots that send 5 words of a wikipedia article at a time over and over and over?) but they all have the same, easily exploited goal. To fill out a huge text area which they interpret as the message area.

    Cherry on top? Get rid of that absolutely god awful, human-unfriendly reCaptcha checkbox. It's just an ordinary form with no extra steps. Beauty in simplicity.

    These spam bots are targetting ReCaptcha and constantly evolving. A bespoke anti-spam solution like this won't even be on their radar to evolve to defeat to defeat in the first place!

  • Anthony Southworth 46 posts 173 karma points
    Jan 07, 2022 @ 12:57
    Anthony Southworth
    2

    To use this approach you can target the form field id with css:

    #d6d0e73c-3046-49aa-933d-2e91e336c5db { display: none; }
    

    Then use this regex to check if the field is completed:

    ^(?s).*$
    

    It's not the best solution because an editor without coding skills isn't going to be able to use it but it will do until you can upgrade your site to use Recaptcha v3.

  • Amir Khan 1287 posts 2744 karma points
    Feb 02, 2023 @ 20:30
    Amir Khan
    1

    If anyone runs into a field id starting with a number, this will help you out: https://css-tricks.com/ids-cannot-start-with-a-number/

Please Sign in or register to post replies

Write your reply to:

Draft