Score:0

How can I stop Webform Spam?

ae flag

We are getting spam from a simple Contact Us webform. We are running Drupal 7, using the Captcha and Honeypot modules. The Captcha challenge is set to image and the Honeypot time limit is set to 4 seconds and in enabled for all webforms. But we recently started to get spammed at the rate of 4 or 5 posts per minute, all from different gmail or ru addresses. For the time being we unpublished the offending webform. Does anyone have advice on what else we could try?

Score:2
ph flag

Here are some things to try

  • Set the honeypot element name to something else
  • Set submission limits by ip address on the webform
  • Set submission limits by cookie on the webform
  • Try reCaptcha v3 if you're still using an older style Captcha

The downside to submission limits is that people on shared computers/networks might get blocked, and if you use a cookie then you have to deal with cookie legislation.

The downside to ReCaptcha is you're letting Google decide who the spammers are. May not be a downside depending on your views toward Google.

No Sssweat avatar
ua flag
Try `reCaptcha v3` from my experience, it doesn't work well. I found v2 to be more effective (<- I'm talking about the Google Captcha version and not the Drupal module version). **PS:** Don't forget to checkmark `Enable fallback for browsers with JavaScript disabled` in the ReCaptcha module settings.
sonfd avatar
in flag
Another thing I’ve used with some success is the [Antibot module](https://www.drupal.org/project/antibot). Though it does require javascript be enabled.
berramou avatar
gb flag
this module is helpful too https://www.drupal.org/project/webform_spam_words
Score:1
in flag

I use the backend of https://www.stopforumspam.com/ together with honeypot very successful. But you have to check if the SFS metrics match your user risk profile.

Not sure if there's a module but here's my code if you like to copy paste and play with it...

  /**
   * @param $ip - ip or ip[]
   * @param $name - name or name[]
   * @param $email - mailadr or mailadr[]
   *
   * @return float|int - the average spam confidence of api.stopforumspam.org
   */
  public static function checkStopForumSpam($ip, $name, $email) {
    $client = Drupal::getContainer()->get('http_client');
    $endpoint = 'https://api.stopforumspam.org/api';
    $names = $mails = [];
    if (is_array($name)) {
      foreach ($name as $n) $names[] = urlencode($n);
    } else {
      $names[] = urlencode($name);
    }
    if (is_array($email)) {
      foreach ($email as $n) $mails[] = md5($n);
    } else {
      $mails[] = md5($email);
    }
    $postdata = [
      'form_params' => [
        'username' => $names,
        'emailhash' => $mails,
        'ip' => $ip,
        "badtorexit",
        "json",
        "unix"
      ],
      'headers' => [
        'Accept' => 'application/json',
      ]
    ];
    try {
      $response = $client->post($endpoint, $postdata);
      $response_data = json_decode((string) $response->getBody(), TRUE);
    } catch (\Exception $e) {
      $response_data = [];
      $response_data['success'] = 0;
      Drupal::logger('asdentbase')->error('stopforumspam exception '.$e->getMessage());
    }
    $confidence = 0.0;
    $conficount = 0;
    $confimax = 0;
    array_walk_recursive($response_data, function ($v, $k) use (&$confidence, &$conficount, &$confimax) {
      if ($k == 'confidence') {
        $confidence += $v;
        if ($v > $confimax) $confimax = $v;
      }
      if ($k == 'value') {
        $conficount++;
      }
    });

    $sumconfi = $conficount == 0 ? 0.0 : $confidence / $conficount;
    if ($confimax > 80) {
      if ($sumconfi < $confimax) $sumconfi = $confimax;
    }


    return $sumconfi;
  }
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.