Support » Plugin: Constant Contact Forms » Google ReCaptcha is active but not preventing spam

  • Resolved SteveAx

    (@steveax)


    Last night we started getting MANY ‘people’ joining through the website. Obviously they were spam… so I implemented the Google ReCaptcha on the form but that has really not slowed anything down at all on the spam entries… I have had to deactivate the plugin to stop the issue. Is there ANYTHING I can do to fix this problem because there is really no way I can use this if it continues.

Viewing 15 replies - 1 through 15 (of 33 total)
  • Plugin Author Constant Contact

    (@constantcontact)

    Good day Steve,

    For our information, do you have a ballpark figure for how many were ending up submitting to the form? Also can you provide an example or two of what the resulting entries looked like?

    I know we have a number of intended spam prevention methods in place already, and we are also always on the lookout for more that we could add to the process to help ward off spam. Examples I know of that are there by default are a honeypot field that’s meant to be left un-set, as well as a “timer” where if the form is submitted within 5 seconds or so of the page rendering, the submission gets rejected as well. Lastly, when the API credentials are set, we have implemented the Google “I am human” reCAPTCHA.

    While the first two are very much in our control, and easy to confirm in the plugin whether the criteria are met, the part that we have no control over is what the reCAPTCHA returns for its found results. We hope when it’s used, it definitely fends off at least some spam, but if some bots out in the wild have found ways to get around Google’s stuff, then there isn’t much we can do with that part. That is part of why we don’t consider spam prevention measures completed by any means; it’s always ongoing.

    Looking forward to hearing about some info regarding my questions at the very start, to potentially help in any way we can.
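
The honeypot and page-render timer described in the reply above, sketched as an added example (not the plugin's own code). The field names, the secret and the signed-timestamp design are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: per-site secret kept on the server
MIN_SECONDS = 5                   # the "5 seconds or so" threshold from the reply
MAX_SECONDS = 3600                # assumption: tokens older than an hour are stale
HONEYPOT = "website_url"          # hypothetical name of the hidden field


def issue_token(now=None):
    """Return 'timestamp.signature' to embed in the form when it is rendered."""
    ts = str(int(time.time() if now is None else now))
    sig = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{sig}"


def check_submission(fields, now=None):
    """Return (accepted, reason) for a dict of submitted form fields."""
    now = time.time() if now is None else now
    # A human never sees the hidden field, so any value in it marks a bot.
    if fields.get(HONEYPOT, "").strip():
        return False, "honeypot filled"
    ts, _, sig = fields.get("render_token", "").partition(".")
    if not (ts.isascii() and ts.isdigit()):
        return False, "bad token"
    # The signature stops a client from simply sending an old-looking timestamp.
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad token"
    elapsed = now - int(ts)
    if elapsed < MIN_SECONDS:
        return False, "too fast"
    if elapsed > MAX_SECONDS:
        return False, "token expired"
    return True, "ok"


if __name__ == "__main__":
    token = issue_token(now=1000)
    form = {"email": "someone@example.com", "render_token": token}
    print(check_submission(form, now=1002))  # submitted 2 s after render
    print(check_submission(form, now=1040))  # a client that waits gets through
```

A client that leaves the hidden field empty and waits past the threshold passes both checks, which is why these two measures alone only filter the crudest automation.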

    Okay.. yesterday before I set up the ReCaptcha there were 60+ entries in a period of just under 4 hours… this site gets 1 to 2 entries a month prior to that… so I deactivated it until I could set up the ReCaptcha today… in the hour I had it live there were 9 entries…
    Here are a couple of the emails I received:
    ——
    Congratulations! Your Constant Contact Forms plugin has successfully captured new information:
    Email:
    Don’t forget: Email marketing is a great way to stay connected and engage with visitors after they’ve left your site. When you connect to a Constant Contact account, all new subscribers are automatically synced so you can keep the interaction going through emails and more. Sign up for a Free Trial on the Connect page in the Plugin console view.
    —–

    Regarding the spam prevention things you mention, how do I set-up a honeypot field?

    Thank you,
    Steve

    • This reply was modified 2 years, 11 months ago by Jan Dembowski. Reason: Removed emails

    So I couldn’t post the emails I guess… not sure what you need from me when you ask “Also can you provide an example or two of what the resulting entries looked like” please advise.
    Steve

    Anyone have any suggestions?

    Plugin Author Constant Contact

    (@constantcontact)

    Regarding the email sharing part, perhaps just examples of the portions before the @ would provide enough context. For example if they look potentially legitimate, or if it looks like obvious spam. Also did the form have more than just an email field? Or did you include spots for names? Regarding entries, this would be similar questions to just info about the email/names coming in, that may or may not have made it to your constantcontact.com account and associated list.

    The honeypot/timer based items are there by default, and not something we have toggleable, so you can’t turn them off.

    okay…

    These are from a popular domain starting with ‘Y’
    pfarcon
    slatertm
    april_marsaglia

    These are from a popular domain starting with ‘G’
    johnnytrandds

    From other various domains:
    fm811
    capelliskating

    That’s a sampling… there is only an email field on the form being submitted… what can I do to fix this?

    Steve

    Plugin Author Constant Contact

    (@constantcontact)

    At this point, there’s not much else that we can do, as all of the currently available spam prevention methods with the plugin are already being utilized. We could perhaps increase the time difference needed to hopefully deter the spam, say the form can only be submitted after 15-30 seconds or higher since page load, but we can’t guarantee that that’ll work.

    Perhaps an option to set a longer delay?

    What about tougher captcha? Currently all that the Google reCAPTCHA seems to do on the form is require a click on the checkbox… what about one with a test of some sort? I’ve seen click the boxes with cars in it, or just the old enter the characters shown… something… thoughts?

    Plugin Author Constant Contact

    (@constantcontact)

    Before we provide an option to dictate the length of delay, we’d want to try it out and see if that actually helps. If you’re willing to help test the idea, we’d happily provide a hotfixed version. Let us know.

    We purposely chose the captcha version in place because we wanted to make things as seamless as possible for the actual humans. The versions where you click boxes with cars or signs or buildings etc is part of the “I am human” version when they feel they need a bit extra proof. We would need to work out and develop alternative captchas for a future release, if we decide to pursue that route.

    I would be happy to test a hotfix of this… just tell me what I need to do.
    Thanks,
    Steve

    Plugin Author Constant Contact

    (@constantcontact)

    Please give this version a try: https://www.dropbox.com/s/8tu99t6knk11whz/constant-contact-forms-spam-timer-hotfix.zip?dl=0

    It has increased the span of time to be more than 30 seconds in order to not be considered spam.

    If you’re uploading the zip file via the WP admin installer, you will potentially encounter errors regarding the folder already existing, which means you would need to delete the plugin first, before trying again. That’s fine, and your existing form(s)/settings should not be lost.

    If you’re uploading via FTP, then the above is not really an issue, and you’d just need to make sure to overwrite what’s already there.

    Okay, just installed it and will advise on if I continue to see spam entries. Thank you!
    Steve

    I don’t understand why this isn’t working…

    Implemented hotfix at 7:03 pm

    Spam entries at (so far)
    10:20 pm
    10:41 pm
    11:01 pm
    11:23 pm
    11:44 pm
    12:05 pm
    12:26 am
    12:49 am
    1:10 am
    1:32 am

    So it hasn’t corrected the issue… are there any other things I can try?

    Also interestingly I noticed that the tests I have done by submitting one of my email addresses, even though it says I will receive an email to follow to confirm, I have not received any emails like that… I am only receiving the “Great News: You just captured a new visitor submission” emails… there have been no additions to my actual constant contact list since I launched this plug-in.
    Steve
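
The times listed in the post above arrive 20 to 23 minutes apart, far longer than any page-load timer, so a check on the spacing between submissions is a more useful signal here. This is an added example, not part of the thread or the plugin; the thresholds are assumptions, and the am/pm markers are dropped because the function relies only on the posted order.

```python
from statistics import mean, pstdev

# Clock times copied from the post above, in posted order.
REPORTED = ["10:20", "10:41", "11:01", "11:23", "11:44",
            "12:05", "12:26", "12:49", "1:10", "1:32"]

# Constructed sample of irregular, human-looking sign-ups for contrast.
IRREGULAR = ["9:05", "9:07", "10:40", "11:02", "2:15"]


def to_minutes(clock_times):
    """Turn ordered 12-hour clock strings into increasing minute offsets."""
    out, offset, prev = [], 0, None
    for t in clock_times:
        h, m = map(int, t.split(":"))
        minutes = (h % 12) * 60 + m
        # A time earlier than its predecessor means the clock wrapped past 12.
        if prev is not None and minutes < prev:
            offset += 12 * 60
        prev = minutes
        out.append(minutes + offset)
    return out


def cadence(clock_times, max_cv=0.15, min_events=5):
    """Return (gaps, mean_gap, cv, looks_scheduled) for a run of submissions.

    cv is the coefficient of variation of the gaps; a low value means the
    submissions are evenly spaced, which people signing up on their own
    rarely are. max_cv and min_events are assumed thresholds.
    """
    stamps = to_minutes(clock_times)
    gaps = [b - a for a, b in zip(stamps, stamps[1:])]
    if len(stamps) < min_events:
        return gaps, None, None, False
    avg = mean(gaps)
    cv = pstdev(gaps) / avg if avg else 0.0
    return gaps, avg, cv, cv <= max_cv


if __name__ == "__main__":
    for name, sample in (("reported", REPORTED), ("irregular", IRREGULAR)):
        gaps, avg, cv, flagged = cadence(sample)
        print(name, gaps, f"mean={avg:.1f} min", f"cv={cv:.2f}", flagged)
```

A site that flags such a run can hold those entries for review or rate-limit the form instead of relying on the per-page timer.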

    Plugin Author Constant Contact

    (@constantcontact)

    At this point, all of the spam solutions we have implemented and available to the plugin have been exhausted. It seems that whatever the source of this spam is, knows how to get through things or at least does not raise any flags.

    Definitely not the best solution, but I do wonder if putting it behind a logged in status would help. That, however, has the hard requirement of having a membership site of some sort, which may not be the case for you.

    Regarding the last message, for the moment at least that could be considered a good thing, because it means the actual list doesn’t need to be cleaned up. However, on the flip side, it also means that the form isn’t successfully submitting to the API for some reason, to add legit humans. It’d be something we want to debug once the spam issue is resolved somehow.
