Bitrix: spam in forms built on the standard component

One of our projects built on BUS implemented feedback forms through the standard component.

On top of this we used JS field validation, a phone mask based on jquery.maskedinput.js, and Google Captcha 2.0, which was initialized and enabled via the form component settings.

We found that spam was arriving through the feedback forms every day, bypassing all our validators and passing the captcha.

Having analyzed the situation

 

We agreed that these are spam mailings, despite the presence of the captcha. Bots have long since learned to bypass a captcha by filling it in; this is no secret. The interesting detail we noticed was that the “Phone” field contained letters, which means that our validator and mask were not working.
The idea that bots load the page without JS seemed dubious, because without verification of the captcha, the form is not sent.

The case is a strange one: with JavaScript, the bot will encounter validation and masks; without JavaScript, it will not see the captcha and therefore will not be able to send data.
We decided not to look for logic where there is none and began to go through different options for additional form protection. First, we implemented validation and masks in the page body – it did not help.
We added reCAPTCHA 3 – it did not help.
We wrote a validator inside Bitrix, used patterns – it did not help.

Spam decreased when we added an invisible field with the required and disabled attributes and used a script to remove the mandatory filling (the required attribute).
That is, for a regular visitor the form is sent without problems, and they never see this field. For a bot without JS, however, there is a mandatory field that is disabled, which means the submit button is inactive.

 

Bitrix spam: how to stop spam

The final solution is to add invisible fields to all forms (NOT display: none, which bots can detect, but fields made invisible through styling). When these fields are filled out, we know that the submission is spam, and the data is not sent to the mail.
The code must be placed , it will work on absolutely all forms called using the bitrix:form component.

First, we added styles for our field. Then we found the WEB_FORM_ID field (it is present in every form made on the standard component) and added an input next to it called last_name (last name). For bots this field is also a priority, which means the chance that it will be filled in is high.

Next, after the “send” button is clicked but before the server sends the data, we use the onBeforeResultAdd event to check whether the last_name field is filled in. If it is filled in, we call ThrowException and the letter is not sent.
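The steps above as an added example (not the author's code): a honeypot input named last_name hidden by off-screen styling, and a handler on the form module's onBeforeResultAdd event that rejects the submission when the field is filled. The helper names, the hp-field class, the CSS, the rejection text and loading the file from init.php are assumptions made for illustration.

```php
<?php
// Added example, not the original post's code. Assumed to be loaded on every
// hit (for instance from init.php; the location is an assumption).

// Honeypot markup for the form template, printed next to the hidden WEB_FORM_ID
// input. Hidden with off-screen styling rather than display:none, as described.
function honeypotFieldHtml(): string
{
    return '<style>.hp-field{position:absolute;left:-9999px;height:0;overflow:hidden}</style>'
         . '<div class="hp-field" aria-hidden="true">'
         . '<input type="text" name="last_name" value="" tabindex="-1" autocomplete="off">'
         . '</div>';
}

// True when the honeypot was filled. An array value (last_name[]=x) counts too.
function isHoneypotTripped(array $request): bool
{
    if (!array_key_exists('last_name', $request)) {
        return false; // field absent: a template without the honeypot, do not block
    }
    $value = $request['last_name'];
    return is_array($value) ? count($value) > 0 : trim((string)$value) !== '';
}

// Runs after submit and before the result is added, so raising an exception
// here stops the result and the mail. $_POST is read directly because the
// honeypot is a raw input, not a question defined in the web form.
function rejectHoneypotSpam($WEB_FORM_ID, &$arFields, &$arrVALUES)
{
    global $APPLICATION;
    if (isHoneypotTripped($_POST)) {
        error_log(sprintf('form %d: honeypot filled from %s',
            (int)$WEB_FORM_ID, $_SERVER['REMOTE_ADDR'] ?? '-'));
        $APPLICATION->ThrowException('The form could not be sent.');
    }
}

if (function_exists('AddEventHandler')) { // defined only inside Bitrix
    AddEventHandler('form', 'onBeforeResultAdd', 'rejectHoneypotSpam');
}
```

Browser autofill can populate a field named last_name for real visitors and does not always honour autocomplete="off", so the logged rejections are worth reviewing for false positives after rollout.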

As a result, not a single spam letter for a week, despite attempts.
