Discussions
Protection Against Mass Form Submission
Instead of relying on manual workarounds to create honeypots or manual forms with passthrough to get recaptcha to work.
There should be a feature that properly implements Google reCaptcha validation by making it appear when suspected to be bot submissions.
This is an ongoing risk of having forms on the web. The Eloqua form processing does not allow for complex back end logic/validation.
Comments
-
This is an issue that Oracle definitely needs to address. Since implementing Eloqua forms, I'm having an increase of spam and bot traffic. Each form submit is forcing me to go in and manually scrub my contact list so as not to have these fake contacts eat away at my contact band.
-
This is an issue that Oracle definitely needs to address. Since implementing Eloqua forms, I'm having an increase of spam and bot traffic. Each form submit is forcing me to go in and manually scrub my contact list so as not to have these fake contacts eat away at my contact band.
Yup, at worse we would need to find another solution for forms and just keep Eloqua as a back end processing / data repository / cross-channel campaign tool.
-
We need to set up our forms in Eloqua and not having the option of "out of box" reCaptcha configuration solution is a big show stopper.
-
Are you using the new Validation defaults in your forms that prevent URL's from being submitted and maintains a valid number of characters? http://docs.oracle.com/cloud/latest/marketingcs_gs/OMCAA/#Help/Forms/Tasks/ConfiguringFormFields.htm#Configur2
-
Are you using the new Validation defaults in your forms that prevent URL's from being submitted and maintains a valid number of characters? http://docs.oracle.com/cloud/latest/marketingcs_gs/OMCAA/#Help/Forms/Tasks/ConfiguringFormFields.htm#Configur2
This only partly solves the problems described above with bots. Fake contacts can still be created by bots as well as form submits. It will only prevent from websites to be submitted.
-
We've had problems where vulnerability scans were performed against our landing pages, resulting in tens of thousands of submissions in the span of a few hours. At the very least, there should be some kind of optional, server-side rate-limiting for form submissions on a per-form basis (so it doesn't affect Form Submit CloudApps where a high volume is expected).
-
We've had problems where vulnerability scans were performed against our landing pages, resulting in tens of thousands of submissions in the span of a few hours. At the very least, there should be some kind of optional, server-side rate-limiting for form submissions on a per-form basis (so it doesn't affect Form Submit CloudApps where a high volume is expected).
If you experience spam, you may want to consider switching to external forms that submit to Eloqua's API. This allows for server-side form validation. Much harder to bypass.
-
If you experience spam, you may want to consider switching to external forms that submit to Eloqua's API. This allows for server-side form validation. Much harder to bypass.
Are your hard coding them or do you have another tool that does it?
-
If you experience spam, you may want to consider switching to external forms that submit to Eloqua's API. This allows for server-side form validation. Much harder to bypass.
Agreed that's possible, but it's another point of failure, another system to maintain, another manual edit that marketers need to remember to do properly, another unnecessary workaround for something that should be standard... Plus it's really only practical for HTML landing pages, not WYSIWYG pages.
-
Fantastic idea. I wish more people would vote this up, spammers are always upping their skills and we need to be able to counter this.
Eloqua 9 Forms used to have server-side validation. We could apply rules for match keywords (including URLs). While somewhat cumbersome, it was effective. It's a mystery to me why we lost that key functionality with the move to Eloqua 10.
I certainly like the idea of leaping ahead, making this a simple interface change on the Form Settings "Don't allow an individual to submit this form more than [X] per hour/per day" and "Don't allow these keywords".
Until this is in place, we have to apply validation upstream, on the external web site forms and can only repost to Eloqua Forms (we authenticate with PHP, etc. which Chris rightly points out are all fail points). We cannot risk using Eloqua Landing Pages that contain Eloqua Forms without the possibility that they will be flooded with spam.
-
We are looking into adding a captcha option natively into Eloqua forms. Also, a trick our internal team uses: you can add a hidden field and call it "Address 3". Bots will see it and fill it out. Real people won't. You can simply filter your submits by that field and delete the infringing submissions. But captcha and server validations are more proactive. I like the idea of limited form submits and key word blocking. Something we can explore.
Wren Ludlow
Oracle Product Management
-
Wren, CAPTCHA is universally despised by every webmaster I've ever met and is mostly used as a "method of last resort" to block botspam - I would deprioritize this as it won't help us make Eloqua easier to adopt.
Instead, is there any chance Oracle will be bringing back the Form Server Side Validation? This is old Eloqua 9 stuff but it was a real gem.
Otherwise, as it stands today if an Eloqua user wants to employ the hidden form method (your "Address3" per above) they are stuck assigning conditional update rules to every form processing step so that they don't process any botspam. And they still have to clean out the spam from their form data reports.
Thanks for sharing your perspectives on this.
-
The Address3 idea is a good one that we've implemented, but many, many, many, many, many, many, many, many, many other form submissions get through with seemingly legitimate data. Is it possible to prevent form submissions from a list of email addresses?
-
Can Oracle please consider this? Impacting our system badly. Sender score has decreased because of these.
We got 2000 submissions in 3 days.
-
Can Oracle please consider this? Impacting our system badly. Sender score has decreased because of these.
We got 2000 submissions in 3 days.
We are in the process of architecting multiple options to solve this problem.
-
We are in the process of architecting multiple options to solve this problem.
Hi Thamina, do you already have an ETA for this solution?
-
Hi Thamina, do you already have an ETA for this solution?
We are in the process of building out (not just architecting) a solution and the hope is to deliver it GA the first part of 2021.
-
Hi @Thamina Christensen-Oracle do you have news about this solution. We are also victim of spam bot submission?
-
@dekeyzes_bpost We are currently working on delivering a solution in February's 21A release (Safe Harbor). This will not specifically bring Google Captcha but a more robust functionality to stop form spam from being processed within your system.
-
@Thamina Christensen-Oracle thank you for the info. I assume this solution will prevent form submission from bots nd not a kind of work around to not use the data submitted by bots.
-
Hello @Thamina Christensen-Oracle , any ETA on this, we used Honeypot before and it was working, however we just relaunched our site and getting hit super bad....HELP.
-
I recently had this issue as well with one of our subscription forms. However, adding a hidden field wasn't working for me. I had to add in a field and make it 'hidden' by making the field white so it would blend into the background. Anyone else experiencing the issue of hidden fields not working? I had to manually insert the code from the form to the landing page...unsure if I was missing code or something, but the only thing I could see was the line <input type="hidden" name="hiddenField" id="fe123" value="">. I updated the landing page with that code but that didn't work.
-
@Thamina Christensen-Oracle Hi, any update on the functionality, that was something that I thought would be included in release 21A?
-
@Stephanie.S , this functionality will be part of a limited CA program with the 21A release. Please feel free to reach out to me directly for further details.
Scott R. Lang
Oracle Eloqua Product Management
-
Hi @Scott R. Lang -Oracle @Thamina Christensen-Oracle - based on the 21A release briefing the form update to prevent spam is to disable Allow form submissions on the forms. The spam submissions is happening on our active forms so I don't think we can use this. Do you have other suggestions to prevent spam submissions?
-
@katpinpin Can you email Scott and me your install name? We'd like to chat with you about your use case. [email protected] and [email protected]
-
@Thamina Christensen-Oracle I just sent you and Scott an email. Thank you!
-
@Thamina Christensen-Oracle @Scott R. Lang -Oracle can I be added to this too? We at Cisco are having a similar issue
-
@User_TWVXL , please email your account manager and me directly and we can setup a meeting to chat about the feature and your use case.
Thanks,
Scott
-
Is there anyway to implement Google reCAPTCHA using Eloqua designer instead of converting it to html code?
how can we put in extra validation code upon "onSubmit()" or "handleFormSubmit()" using purely Eloqua designer?
