The JetRails Podcast: Your guide to eCommerce, digital marketing, and website technology ❯

    We can help you. Right now.
    Fast growing merchants depend on JetRails for high-stakes hosting. Experience counts. Let's get started.
    Your message has been received, a representative will be contacting you shortly. if you have an emergency, please call us at 1 (888) 997-2457 or email us at [email protected]









    Call us at:1 (888) 997-2457

    How to Block Form Submission Spam

    How to Block Form Submission Spam

    Whenever you add forms to your websites like contact forms or registration forms, spammers won’t be far behind. As spam submissions grow, so does the time it takes you to sift through the junk that’s being sent to you through your website. 

    As web hosts, this topic is not unusual to us – we help site owners cut down on spam submissions all the time. Bad submissions don’t generally go down to zero, but by blocking known spammers and certain types of bots, these nuisance submissions can be greatly reduced.

    It’s important to understand that while some spam submissions are manual, most are automated. Since most people simply delete spam, these efforts have a very low conversion rate for the spammers so it’s not cost-effective for spammers to engage in manual submissions. 

    It’s equally important to understand the goals of these submissions. Some form submissions are from scammers and hackers that want you to click a link or reach out so that they can engage in nefarious activities. Others think that this is a good way to connect with you to engage in legitimate business. In all cases, there’s money on the line, so spammers are motivated to get past your defenses. 

    The healthiest plan is therefore to keep your security practices up-to-date to protect against known spammers, frequently submitted spam content, and automated submission tools that spammers utilize. This typically includes working with your web host and web developers to react to new or spam sources.

    With all of that in mind, here are some tried and tested techniques that can help decrease spam submissions through your web forms:

    1) Web Application Firewalling (WAF)

    A good WAF is more affordable (and much more necessary) than the average website owner realizes. When properly configured and managed, it can block many types of threats, including IP addresses that are known to be used for malicious activities. 

    2) Bot Mitigation

    While this is sometimes provided by advanced WAF solutions, there are standalone bot mitigation tools too. These solutions are typically built for enterprise use cases, but the number of providers continues to grow. They can help stop everything from ad fraud and content scraping to carding and scalping attacks. Examples include PerimeterX and DataDome, but there are many more companies like Cloudflare that offer competing solutions as part of a more robust WAF solution. When in doubt, ask your web host for advice on what will work best as part of your web hosting security stack.

    3) Blocking IPs and Regions

    Chances are that a good percentage of attacks on your site are not being launched from domestic web servers. That means that in some cases, you can greatly reduce the volume of attacks on your site by simply blocking traffic from regions of the world that you don’t service. For instance, if you don’t do business with clients in China or Russia, simply having your host configure your firewalls to block traffic from those locations can greatly diminish attacks on your site.

    4) Captcha / Ask a Question

    This is a common solution, but not one of the best solutions. When someone is trying to fill out a form on your website, the last thing they want to do is prove to a server that they are indeed not a robot. Whether it’s asking users to select images, answer a question, or even solve a simple math problem, asking your site visitors to use more time to solve your spam problems is inconvenient, and may lead to lower conversion rates.

    5) Honeypots / Invisible Captcha

    Rather than asking real users to prove that they are human, a better solution is to add form fields in the coding of your website that are invisible on the frontend of your site. If such fields are filled out during a form submission, that submission was obviously made by a bot and can be discarded automatically.

    6) Require Users to Login

    There are some use cases where you can force a user to be logged in to get access to a form. This makes sense, for instance, if you have an eCommerce website and you want to force users to login in order to leave a product review. You may still need to worry about your registration page being spammed though, so while this approach can be helpful, it’s not a one-size-fits-all solution.

    7) Platform-specific Solutions 

    There are many settings and add-ons that you can consider that are specific to eCommerce platforms like Magento and WordPress plugins like Contact Forms 7, PWForms, Ninja Forms, Formidable, and Gravity Forms. 

    Examples include:

    With so many possible approaches to take, it’s recommended to have your web developers and web host work closely together in order to make sure that complementary solutions are being deployed. For example, if your WAF includes certain bot protections, you may not need to install a separate add-on in your website to address the same thing. In practical terms, if your WAF can block bots that submit a form in less than 3 seconds, you don’t need a plugin to do the same thing.

    About The Author
    Robert Rand
    Director of Partnerships & Alliances

    Robert was CTO of a successful digital agency up through its acquisition and has spent years heading up partnerships on behalf of JetRails. He’s passionate about helping businesses of all sizes overcome obstacles. He’s a frequent guest author and speaker in the industry, a top solution author in communities like the Magento Forums and Quora, and is also the host of The JetRails Podcast.

    Get A Free Consultation From The JetRails Team

    Need Help With Hosting Support, Security, Scalability, Speed, or Stability?

      More Articles
      The Top Reasons Data Migrations to Magento 2 Fail
      View Article
      Magento 2.3.7 and Magento 2.4.2-p1 Release Highlights
      View Article
      JetRails Named a Top Cybersecurity Company in 2021
      View Article