I accidently came across some pretty “smart” SPAM bots on one of the pages I’m consulting on. Maybe they are finding ways around the “Reputator” and “the Bear Trap” the Unbounce team has put in place.
Background: A few landing pages created for PPC traffic targetting different verticals. So far nothing out of the ordinary. We’ve copied these pages with unique URLs to drive organic traffic from the client’s blog in order to keep the statistics nice and neat.
Problem: One of the copied pages is performing/converting really well but with just 35 or so conversions, I didn’t think much of it until today. I got a notice from the client that the page wasn’t recording one of the drop down fields. So, I went into the editor, webhook settings, form field labels, etc. Everything that I could think of and yet nothing seemed out of the ordinary. Submitted a form and all the fields got recorded and the webhook fired OK.
I was just about ready to give up, choke it to a weird bug and keep my eye on it for the next few days… until I decided to open up the leads list and learn a bit more about the leads that didn’t record this particular drop down.
On first glance, the list looked like an ordinary leads list but I had a feeling something was off…
The “smart” SPAM bot:
- A few leads per day (3-4).
- Seemingly different IP addresses, no repeats on a given day BUT addresses in the same range. When I checked about a dozen of the IP addresses all of them were from Buffalo, NY. [first red flag]
- “Company Name” is one of the fields on the form. Every lead had it filled in but with some very strange names ending in Gmbh (typical for German companies), Ltd. (Europe), AG, LLC, etc. [second red flag]
- “Email Address” - All the leads had an email address @yahoo.com Small sample size but still highly unlikely. Plus, a lot of them were a combination of first name, last name plus a random number. Some of the leads had different information except for the same email address. [third red flag]
- UTM hidden fields - We have a few utm hidden fields that didn’t get filled in.[smart]
Finally, I did a google search on some of those email addresses and they came out associated with SPAM activities on different sites/forums that apparently track these.
Solution: Since, I’m not a big fan of captcha, I’m thinking of adding one more hidden field that would look ordinary to this smart bot (ex. city or street) and see if it gets filled in.
Anyone else tried or tested something better? How do you deal with form SPAM?