Let the platform do the work

Preventing Web-to-Lead Spam Entries

Overview

The Web-To-Lead-Form is placed on a public website where you generate leads from prospective customers who visit the site. It just so turns out, spam bots love your site as well. How to fix the this issue without modifying the Sugar source code.

Resolution

This solution comes from a forum post from one of our community members. Kudos to the author of this post:

1. Remove the Javascript from the page the form is on and link to it instead. In other words, the Javascript should be placed in its own file and then linked to in the header of the page. For the formvalidation.js example, please be sure to not include the HTML tags when copying the code to your JavaScript file.

Example WebToLeadForm Page

HTML Code:
<head>

<script language="JavaScript" src="formvalidation.js" type="text/javascript"></script>

</head>

<body>

<!-- this is where your WebToLeadForm is with NO javascript directly on the page -->

</body>

Example formvalidation.js

HTML Code:
<script type="text/javascript">

 function submit_form(){

 	if(typeof(validateCaptchaAndSubmit)!='undefined'){

 		validateCaptchaAndSubmit();

 	}else{

 		check_webtolead_fields();

 	}

 }

---------------more code-------------- //All this code should have just been copied and pasted from your form page to this javascript page

</script>

2. Remove the action="http://somewebsite.com/crm/index.php...bToLeadCapture" from the form line. Our Spam bots didn't care for the Javascript validation and were just submitting the form directly to the source. Example:

HTML Code:
<form name="WebToLeadForm" method="POST" id="WebToLeadForm">

3. Add the following Javascript to your Javascript file (formvalidation.js) document.WebToLeadForm.action = "http://somewebsite.com/crm/index.php...bToLeadCapture"; Example:

HTML Code:
<script type="text/javascript">



--------------some code---------------- if(req){

            document.WebToLeadForm.action = "http://somewebsite.com/crm/index.php?entryPoint=WebToLeadCapture";

	   document.WebToLeadForm.submit();

            return true;

        }

        else{

          alert('Please provide all the required fields');

          return false;

         }

        return false

   }

   else{

        document.WebToLeadForm.action = "http://somewebsit.com/crm/index.php?entryPoint=WebToLeadCapture";

	document.WebToLeadForm.submit();

   }



------------------email javascript code----------- </script>

4. Further Prevention of Spam. Step 3 took care of bots submitting to the form action, this step will take care of bots completely (hopefully). Add a hidden form field to your form called "human" or what ever you will and set it's value to 0. Example:

HTML Code:
<input type="hidden" id="human" name="human" value="0">

Add a Javascript function to your Javascript file which will detect browser activity and change this value from 0 to something else. (I.E. when someone clicks on your form and begins to fill out their last name, the human value will change from 0 to something else seeing as it is a person filling out the form and not just a bot.) Example Javascript Function:

HTML Code:
<script type="text/javascript">



function validateHuman(){

	document.getElementById('human').value = "55";

}



</script>

Now add the following code inline in the "req" validating to prevent the form from being submitted if the "human" value hasn't been change to what you require. && document.getElementById('human').value == '55' Example:

HTML Code:
<script type="text/javascript">



--------------some code---------------- if(req && document.getElementById('human').value == '55'){

            document.WebToLeadForm.action = "http://somewebsite.com/crm/index.php?entryPoint=WebToLeadCapture";

	   document.WebToLeadForm.submit();

            return true;

        }

        else{

          alert('Please provide all the required fields');

          return false;

         }

        return false

   }

   else{

        document.WebToLeadForm.action = "http://somewebsit.com/crm/index.php?entryPoint=WebToLeadCapture";

	document.WebToLeadForm.submit();

   }



------------------email javascript code----------- </script>

Now all you need to do is activate the function when someone types into one of your required fields such as "last_name" Example:

HTML Code:
<input id="last_name" name="last_name" onchange="validateHuman();">