Our security partners have been reporting an increase in malware attacks across the internet and Rainmaker Platform customer sites too. If you’ve been seeing more spam in your comments and form submissions, this State of the Platform is for you.
You might wonder why anyone would take the time to submit junk form submissions or write a spambot to fill out forms on websites. Unfortunately, on unmanaged or insecure sites, they work. The goal of site spam is to either identify a site vulnerability that enables the site to be used as an email relay or for more serious exploits. A less serious but more common goal is to create submissions with links that are publicly visible that generate back links to other sites.
Rainmaker Platform users don’t need to worry about the more serious implications of site spam but these submissions can still waste resources and time.
Here’s what you can do to eliminate site spam …
Ways to Combat Site Spam
First and foremost, the following recommendations are based on Rainmaker Platform, but the principles behind them can be applied to any website or CMS solution.
Fighting site spam is a battle. Spambots are learning how to deal with standard forms and some can still submit with a basic form. The countermeasure is to include something in the form that will confuse the bot. This is commonly referred to as a honeypot.
The good news is that honeypots are automatically added to all Ninja Forms on Rainmaker Platform.
For some users that want more control than the automated honeypot, consider adding a human answered question that is easy for a human to answer but difficult for a spambot. This is a simple version of a CAPTCHA. A CAPTCHA is a “Completely Automated Public Turing test to tell Computers and Humans Apart.”
Consider a simple math problem or a question that includes the answer (something like “Type ‘Yes’ if you’re a human.”) I particularly like to use a human question that relates to the purpose of the form; something that further builds your brand. The only limiting factor here is that the answer has to be 100% an exact match – including case sensitivity and spelling.
The key to this technique is that the Spambot will not be able to answer and won’t submit the form. To include this form field, just add the Rainmaker Platform anti-spam field to any form and you’ll catch many of the spambots that can get by the standard defensive measures. You can place the anti-spam field anywhere within the form by ordering the question position.
The Big Guns
The most aggressive site spam management technique is the reCAPTCHA. Like the human answered question above, the reCAPTCHA is an easy for humans, hard for bots submission technology. Historically, some user experience (UX) experts have rejected the use of this method because it requires another user action. Today, Google’s reCAPTCHA 3.0 has addressed this concern with a form field with a no answer or a simple checkbox method. reCAPTCHA 3.0 replace the “click on all of the pictures of bridges” from reCAPTCHA 2.0 and the type the word in the box of reCAPTCHA 1.0.
Google funds reCAPTCHA development. The goal is to provide a standard technology that protects sites from form spam while providing a “frictionless experience” for users.
Rainmaker Platform Andromeda is fully integrated with reCAPTCHA. Adding this technology to your forms starts with registering a site with Google at:
(NOTE: You will need a Google account to register a site for reCAPTCHA.)
Register your site to receive a Site Key and a Secret Key.
Add those two keys to your Rainmaker Platform. To add these keys:
- Turn on the MemberPress Module. This will add Zero Spam Checkout to the Conversion settings. (Add the MemberPress Module by going to Settings > Features > MemberPress. Check the box and Save.)
- In the left-hand menu, click on Conversion and open the settings (the gear beside the title.)
- Scroll all the way to the bottom … keep scrolling … you will see Zero Spam Checkout.
- Add the two keys and save.
By adding the reCAPTCHA keys to the settings in Rainmaker Platform, we will automatically use this feature on all of your checkout forms. To include the reCAPTCHA on other forms, like Contact Us or Email Subscriptions, all you need to do is add the field to your Ninja forms.
Change the visibility if you want users to see that you’re using reCAPTCHA or not. Since reCAPTCHA 3.0 is using machine learning and a predictive score to assess whether a person is real or not, some users have concerns over privacy. If you share that concern, simply make the field visible. Users will see that reCAPTCHA is on the form to protect form submissions.
Be sure to check your home page and sidebars to see if you have an Opt-In form widget in place. The Opt-In form widget has no spam protection built in, so you’ll want to replace any “Opt-in Form” widgets with a “Ninja Forms” widget.
First, you’ll need to make sure you have a Ninja form set up that is integrated with your email opt-in. All you have to do is:
- Click on Content.
- Roll over Forms under Tools and click “+Add New” or the “Add New” button.
It’s easy. Create the form with the opt-in fields you want, add your desired anti-spam tools we talked about above, and select your email marketing list to send the subscribers to. Then, publish the new form. To place the opt-in form on your home page, sidebar, or footer, add the Ninja Form widget to the content area and select the form that you’ve built. Pro Tip: To add content above or below the form, add HTML fields in the form with your copy. Hackers program spambots to look for specific scripts. This simple change will save you a lot of headaches.
We’ve all encountered unwanted content online, whether it is in an email, a bad link or in site spam. Though we can’t prevent attempts to generate spam, we can minimize its impact by using some of these technologies. And, you can also rest assured that the systems and development teams at Rainmaker Digital Services working with best-in-class partners like Sucuri, Linode, and Digital Ocean are constantly looking for ways to block, delete and prevent spammers from your site.
If you have any questions about site spam, how to combat it, or Rainmaker Platform (or anything else we might be able to help you with), we’re always here to listen and help get you the answers you need.
Vice President, Client Services
Rainmaker Digital Services