Spam entries with no url_referer

  • Resolved arnbo

    (@arnbo)


    2 years, 5 months ago

    I’ve enabled reCAPTCHA now, so that’ll hopefully fix the issue of spam in general, but I’m curious as to why the floods of spam we have been getting does not show a referer URL.
    The {url_referer} tag works whenever I test the form, but in the spam submissions it is blank.
    Is this a sign of a security issue I should look further into?

Viewing 5 replies - 1 through 5 (of 5 total)

  • I have been getting many complaints from my clients regarding all the horrible SPAM they are getting from WPForms. reCAPTCHA does nothing to filter and stop them. I get these SPAM messages on my own websites even offers from people selling the system to get around the reCAPTCHA code and post SPAM on other sites.

    I’m looking for another option to forms and shutdown WPForms on all my client and my own websites.

    Hey @arnbo and @erwordpresser,

    We’re sorry to hear that you’ve encountered spam issues.

    If you’re still having spam with reCAPTCHA enabled, you can consider increasing the security level of the reCAPTCHA integration on your site.

    For v2 reCAPTCHA, you can do this by going to your reCAPTCHA account. Then in the settings of your current integration, you can adjust the Security Preference slider.

    For v3 reCAPTCHA, you can adjust the settings in your WordPress admin area by going to WPForms > Settings > reCAPTCHA. In this Score Threshold field, you can increase the score to a higher number for stricter security.

    And if you’d prefer not to use reCAPTCHA, we have another anti-spam protection feature, hCaptcha. This is a good option if you’d prefer not to sign up for Google’s reCAPTCHA service. Within your forms, hCaptcha will display a checkbox asking users to prove they’re human (much like Google’s v2 Checkbox reCAPTCHA). We have a detailed guide for setting up hCaptcha.

    Alternatively, you can consider the third-party plugins such as WordPress Zero Spam or Spam protection, AntiSpam, FireWall by CleanTalk which work out of the box to protect your forms against spam.

    Further, The {url_referer} Smart Tag obtains its value from a PHP variable $_SERVER[‘HTTP_REFERER’], however, this variable can’t be considered to be infallible, as there are a number of things that can affect it, and it is considered to be an often modified data value.

    Could I ask for some details about your intended use case here? Perhaps I might be able to provide some other suggestions that could work more reliably which is suitable for your purposes. In case it helps, this guide might help.

    Hope this helps!

    Thread Starter arnbo

    (@arnbo)

    @prashantrai That doesn’t really answer my question. I want to know why the {url_referer} is blank and if that means that they’re bypassing the website somehow.

    Hey @arnbo – when you have sometime, can you please share the website URL so we can take a closer look at it?

    Kindly,

    Hi @arnbo — We haven’t heard back from you in about a week, so I’m going to go ahead and close this thread for now. But if you’d like us to assist further, please feel welcome to continue the conversation.

    Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Spam entries with no url_referer’ is closed to new replies.