PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

Spam is killing my forms

  1. brianc

    So this is a problem that can obviously be curbed by recaptcha. The problem with recapcha is its a conversion killer and I dont like using it.

    Has GF come up with a way to simply not allow any '[url=' to be placed in a comment field (as thats where the software trys to inject the links)?

    I think it would be very easy to remove all this spam from my sites if you built in some logic to not allow the characters [url= or [link= to be placed in a comment box.

    There is obviously some sort of widespread software that folks are using as this happens on 15+ sites of mine and its now getting to the point where it happens a lot.

    Would love to hear your guys thoughts on how to best curb this and if you are thinking about building in some capability into gravity forms core to remove this.

    Posted 11 years ago on Thursday October 21, 2010 | Permalink
  2. Are you using the spam honeypot feature in the 1.4 release? It is an option under Form Settings in the Advanced tab.

    The spam honeypot adds a field to your form that is only visible to automated bots and uses a friendly name that entices them to fill in a value... if the field is populated then the entry isn't stored. So if a spam bot enters data into that honeypot field, it prevents the spam from saving.

    This can cut down on automated spam. However keep in mind that some spam is farmed out to places like India and China where people are actually used to submit the forms. In that case, no automated method really works.

    Oddly enough we never get any spam on our forms. Some of them use reCaptcha, some of them don't. I guess it depends on what type of site it as far as spammers wanting to target your forms.

    Posted 11 years ago on Thursday October 21, 2010 | Permalink
  3. AngelinaC

    I have created my first form in gravity - I saw this - but now that I found your explanation - I can't find it again - where is the honeypot?

    Posted 11 years ago on Thursday October 21, 2010 | Permalink
  4. brianc

    I am with angelinac on this one. Cant seem to find the advanced tab.

    I am using a WP 2.9 and have upgraded to GF.


    and I just found it...

    seems to clarify you need to navigate to the individual form, not the main GF settings page. Then click form settings once inside the 'edit form page' then check 'Enable anti-spam honeypot'

    Posted 11 years ago on Thursday October 21, 2010 | Permalink
  5. The Form Settings are the settings for a specific form, you access them by editing the form in question and then either clicking Form Settings in the top right next to the Help link or the primary way to access it is to hover over the Form Title/Form Description area and click Edit.

    See this screenshot:

    The Anti-Spam Honeypot option is the 2nd to last option under the Advanced tab.

    Posted 11 years ago on Thursday October 21, 2010 | Permalink
  6. brianc

    Unfortunately that doesn't really work as it adds another field below the comment box. Not exactly best from a conversion standpoint.

    I went ahead and hid it with CSS, however.

    Effectively will it still accomplish the same thing?

    I am assuming a bot looks at code and doesn't necessarily look at CSS or front end design. Therefore the bot will try to submit the field still, but users wont get nagged with it.

    Isn't that the idea of it in the first place? Its not really clear in your support documentation.

    Thanks for clarifying.

    Posted 11 years ago on Sunday October 31, 2010 | Permalink
  7. A bot looks at code and the name of the fields. It looks for easy targets such as "name", "email, "comments", etc. The order of the fields aren't going to matter if it's a bot because it's going to scan through all fields and fill in fields with names/ids/labels it thinks are valuable.

    The bot will see the honeypot field, think it is important and fill it in. But the field should be left blank, and it's hidden from people so for users it will be left blank. Which is the purpose of the honeypot field.

    Posted 11 years ago on Monday November 1, 2010 | Permalink