Captcha setup on webforms but still getting spam (mostly from same IP address)

Hello all,

I am a developer working on a site which was built before I came to be working on it. We have only a few forms, via Keap. The problem is, you guessed it, spam! When i arrived, the forms had the checkbox checked to not use recaptcha. I have unchecked it. The pages with the forms, they have the recaptcha badge as usual. I have added recaptcha to sites before via varying methods. For this, we are still getting spam.

  1. Most the spam lately at least is coming from the same IP, over and over. Can i block an IP here in Keap?
  2. I have checked and double-checked it is set up right. Here is how:
  • The forms are each in a custom Gutenberg block (it’s a WordPress site, by the way)
  • They are implemented via the copy HTML un-styled code option.
  • After changing the recaptcha option in the forms’ settings, i did update the code, including all of the scripts, in the block (see screenshot) - except the jQuery script, since it is already loading on the pages and loading twice throws errors
  • I also updated the other fields, like the Infusionsoft ID and version fields, making sure it all matched. Still, spam.

Can anyone help me troubleshoot this? Is it possible to force recaptcha V2 so there is always a popup to block the bot? I started setting up Honeypot per instructions in Keap help, and hit a wall, but I can come back to that. I’d prefer captcha to be working and prevent the submissions from ever getting into Keap.

You can see a form towards the bottom of this page: https://extraordinaryjourneys.com/

Thanks!
Ben

Hi, @Elizabeth_Gordon ,

So most people with Keap forms will end up using spamkill. It uses about seven different methods of spam prevention but it mixes up the ones it uses on each form to prevent bots and bot developers from finding work arounds. Most people I’ve seen talk about it are quite happy with their results.

I’m a dev too and the only other thing I’ve come up with is to make the submit button disabled until the mouse is hovered over it. Code can’t move the mouse so it means that bots can’t submit the form.

Hi @John_Borelli,

Thank you for the reply. I am going to look into spamkill, and also the submit button trick - that will probably be all I need. Clever idea!

I’ll post back with how it goes.

Thanks!

Hi John,

I have coded your idea, and it seems to have helped a little but still some are getting by. When i added disabled attribute to the form submit button, I had to also add a setTimeout as something in the reCaptcha was removing it somehow. I’m thinking bot got in in that 1 second delay? Can you share any insights on how you got this to work?

this is the code I’m using:

    setTimeout(
                            function () {
                                //do something special
                                $("button.infusion-recaptcha").prop("disabled", true);
                            }, 1500);

                        // make wrapping div's width auto so hovering in whitespace to the right of button doesn't remove the disabled attribute
                        $("div.infusion-submit").css({
                            "width": "auto",
                            "display": "inline-block"
                        });

                        // enable the button when mouse hovers over parent div
                        $("div.infusion-submit").mouseenter(function () {
                            $("button.infusion-recaptcha").prop("disabled", false);
                            console.log("submit disabled removed!")
                        });

Thanks