A number of our clients have reported a marked increase in spam web form submissions over the past couple of months. Business Catalyst offers a number of anti-spam facilities that can be implemented relatively easily to help prevent or reduce spam.

What's the Deal with Web Form Spam, Anyway?

We're all familiar with email spam. Your email address gets into the wrong hands and the next thing you know, your Inbox is filling up with ten's (if not hundreds) of unsolicited emails. A real time-waster, but most modern Internet-based email systems (like Gmail) now auto-detect spam very well, so it's not as much of a problem as it was in years gone by.

Web form spam is another thing entirely. Generally, the culprits of web form spam are "bots" - as opposed to greasy, teenage geeks hunched over their computers in a dark basement. Bots are computer programs specifically designed to scour the Internet looking for web forms to fill out and submit. Why? There are a number of possible reasons:

1. Attempting to post spammy content: Some websites allow visitors to publish content (forum or blog comments, etc) by submitting a web form. Filling out these forms enables spammers to post links to their own (or others') websites. Remember our October newsletter on rogue SEO companies? This technique can be employed by outfits offering "link-building" services. People who are paying for services like this are very likely contributing to the spam problem.
2. Probing for vulnerabilities: It's possible to hijack a mail server via a web form and subsequently use it to transmit email spam.
3. Being a nuisance: Highly unlikely. Once upon a time, spam and viruses were the work of loser geeks on a power trip. Nowadays, they're generally the product of criminal gangs or serious outfits looking to make a profit.

Web Form Spam Solutions on Business Catalyst

There are a number of solutions available for websites hosted with Business Catalyst:

Anti-bot Fraud Protection: This module creates an input field that is invisible to human users but is seen (and filled with data) by spam bots. Any form that is submitted with data in the invisible field is automatically rejected. All new web forms (2013 onwards) automatically include this module but it can be easily added to older forms. We recommend implementing this module as the first step in fighting web form spam.

Image Verification (CAPTCHA): This module creates an image verification field that must be completed by the user in order for form submission to succeed. There are two levels of protection with this module - an easy-to-read image (which is also more easily interpreted by spam bots) and a harder-to-read version (harder for the human user but also harder for the spam bot).

If you have Anti-bot Fraud Protection (above) implemented on your web forms, but are still receiving spam, we recommend Image Verification as the next step.

If you already have Image Verification set up and are still receiving spam, you can implement the harder-to-read version from the BC Admin panel as follows:

1. Navigate to Site Settings > Captcha
2. Select Harder to read, but more secure
3. Hit Save

Google's reCAPTCHA: This is Google's own CAPTCHA module which has been integrated into BC. It works on the same principle as BC's native CAPTCHA but comes equipped with an audio option and refresh capabilities. The primary disadvantage of this module is that it lacks flexibility and is very difficult to resize and style.

Please contact us if you would like any of the above modules implemented on your site's web forms.