Pardot form handler - spam submissions - pardot

Hi I have a pardot form handler set up on a website for a client and it is receiving a lot of spam submissions. We set up a honeypot and recaptcha and while they are working, they not seem to be effective in stopping the spam.
We now think the spam submissions are coming from outside our site. I set up a field on our site that sends the url of the page to Pardot when the form is submitted. The ones we sent from our site have the correct url, while the spam submissions don't have the field filled out at all.
Has anyone come across something like this and how did you stop the spam?

I just stumbled across this question now so you may have already got a solution.
If not...
There are bots out there that will be looking for forms that post to Pardot and spamming them. The bot will hit the Form Handler URL directly (e.g go.pardot.com/l/2232) - it will not actually fill in the form on your site.
It seems like you may have already tried to use the Pardot honeypot technique:
https://help.salesforce.com/articleView?id=pardot_forms_add_honeypot.htm&type=0
Alas, this won't really work as the bots aren't filling in those fields.
Some possible solutions:
Use a Pardot Form, instead of a Pardot From Handler, if you can. These forms have additional spam protection.
Instead of your form posting directly to Pardot, send the information to another service first and try to detect spam there. For example, we use Wordpress forms and we clean out spammy enquiries within the Wordpress code before sending it on to Pardot (using CURL). You'll need your web developer to help with this though.
Lastly, use unique "External Field Names", combined with the Honeypot technique listed above. So instead of fields names such as "firstName", "phone" etc, use "web_first_name", "web_phone".

I have come across the same issue - Bots attack Pardot Form Handlers and their URLs.
A bot is scraping our website, looking for the form URL. The later they target precisely this URL separately and that's why captcha or honey pot or anything done on the actual website is not helping!
How did I solved this?
Instead of the form posting to the Pardot Form Handler URL, I changed so that the form is posting to our own server side. Then from our server side we're posting to the Pardot Form Handler URL, but only if the visitor is not a bot.

I've removed the url from the form action and set it dynamically once the submit button is being clicked. That moment, I am combining the url in several steps, e.g.
let actionURL = "https://":
actionURL += "go.company.com";
actionURL += "/1234445457/deeger";
actionURL += "/sdfsddffffd";
$('#subscribeForm').attr('action', actionURL);
$("#subscribeForm").submit();
This prevents the bot from scanning the url on the form in plain text.
If the endpoint url is already compromised, you have to create a new form handler first.

Related

Is it possible to limit submit form of visitors through ->ip() in Laravel

Block or limit visitor's(just viewing a website, no user registration) multiple form submission in Laravel by getting client IP and saving it in database then use it to detect spamming visitors. is that possible?
I wouldn't recommend using a visitors IP to prevent future requests to your site via forms. IP's are very rarely static for the average user. If the user knows what they're doing, they'd just have to restart their internet connection and their ISP would give them a different IP address. Additionally, they could just proxy their requests utilising IP rotation to bypass your "security".
If you're trying to prevent bots from submitting forms. A good method is to implement a hidden input field with no value. If the form is submitted and the input field has been populated then you know it's a bot. It's not the most reliable method as the bot has to be a dumb bot.
The only truly "reliable" method I can think of is Client-Side > Server-Side validation such as Google ReCaptcha.
Ofcourse the alternate method is just accept that your form will get spammed and find a way to handle the spam after it's been submitted.

How to handle Stripe payment failure via AJAX, with standard page load for success? (using Laravel backend)

I've got a long and fairly complex form for a booking system that a user fills in, then pays using Stripe Checkout. I'm trying to figure out the best solution to both handle payment failure easily (so submitting form over AJAX so I don't have to try and regenerate the whole booking form with all the data the user's entered), whilst also handling payment success gracefully (so with a new page showing a booking summary and a different URL so if user clicks reload button in their browser it doesn't just take them back to the search results and booking form again)
I'm using a mixture of Laravel 5.4 and JS/JQuery to generate the booking form on the front end, and after Stripe Checkout (I'm using their standard simple integration pop up) it submits all the form + Stripe token etc back to a POST route in my Laravel backend. In my controller, I then try and charge the credit card using standard Stripe API and process the booking details into my database, and then return a Laravel view from a Blade template thus giving the user a different page and URL. As mentioned I want to switch the form submission to AJAX so payment failure can be handled easily (i.e. their big filled in form doesn't disappear, and just an alert pops up to user so they can try and enter a new card into the Stripe Checkout). That bit's fine, I'll just use this: https://stackoverflow.com/a/34099169/4059141 but then in payment succeeds I basically want the same behaviour as if I'd done a regular form POST, so the new page being displayed with a new URL.
I can generate and pass back the rendered HTML from the blade template over AJAX no problem, but that leaves the original URL in the browser's address bar, so if they hit reload on the booking summary they'll just see the search results page and blank booking form again - not what I want.
Any thoughts on a solution are welcome! Thanks

Send a 'click' to Google Analytics from ruby

I'm building an app with some 'mail tracking' feature and want to notify google analytics about a click in a link from ruby.
I've already changed all external links from email to go to my server to be redirected, so I know what and when the user clicked.
I want to send this click just knowing the 'UA-XXXXX' and the clicked url.
Is there a way? Or the best solution is to render a html page and with JS send the click event?
UPDATE: Ok, I've found gabba but don't know how to send an 'click' event.
Generally its better to use the JS api, since it has access to all of the other data that analytics tracks, like the visitor browser/os/geoip and can tie all that to a 'visit'.
If you are embedding links in emails, you might consider using the source/medium/campaign flags in the links.
http://support.google.com/analytics/bin/answer.py?hl=en&answer=1033867
So technically its not tracking the 'clicks' as an event, more like tracking the fact that the user came to your site from that particular email. You could use a separate campaign label if you wanted the individual click granularity. (If, for example you had the same url in the email more than once and you wanted to know whether they clicked the first or second one in the email)

Ajax & ASP Classic Notification Display

I'm doing some updates for an intranet i created few years ago using ASP Classic. What i've been ask to do is to ALERT all users when news on intranet is added. Basically i need to check on database when news is added and than trigger an action to all intranet users saying you have New Message
I'have done a lot of research on this and i could't really find a good example for it.
Your help will be much appreciated.
Cheers
Vullnet
Basically to need to poll the server using AJAX and check for new messages.
I suppose you have a messages table with and ID that counts up. You need to track each user's last message pointer, and send this as part of your AJAX request ad a parameter. If the server's ID is higher thsn the user's then they have a new message.
Based on the AJAX response you then alert the user.
You need to make an ASP that responds to your AJAX call, Pass it a number and it responds with "OK" (not new) or "NEW".
IT works the same way, regardless of the server-side language. Use jQuery to perform your AJAX calls.

MvcMailer view in browser

I am using MvcMailer with my website to send html emails.
seems good, but im just wondering how i can view the created emails in a browser.
eg in some newsletters they say "view this email in a browser", so i am just wondering how I can do that with MvcMailer.
The easiest way is to put a link in the email back to your site, and then create a controller/action that uses the same view, and builds a model the same as the one you used when creating the email.
If all the data you need is in the database, you may be able to just pass a key in the querystring (note: if the mail contains potentially sensitive information, make sure the url is tamper-proof), otherwise you might need to pass in more data to allow you to reconstruct the same view that you did when generating the email.

Resources