Web App Spam (hack attempt)

Community Beginner, Mar 03, 2017

I have a web app in which I implemented the "Allow site visitors to submit Web App items" process from the manual. It works great, however...

We're starting to get a TON of spam, which looks like an attempt to crack the site (I don't think it has been or will be successful, but...).  About 4000 entries on March 1.

But since this is a Web App and not a Web Form, I don't see, nor can I find online, any method of enabling a CAPTCHA or anything.  Is this possible?

Does anyone have any advice/solutions on this matter?

LEGEND, Mar 03, 2017

Hi there,

First thing is that web app items can only be submitted by logged-in customers. So with that you either...

1. Are doing inline code and login for anonymous submissions, which is a solution but not super secure.

2. You have an issue where something has been exposed and a bot or person is using login credentials to the front-end part of the site and submitting those forms.

What can you do without a CAPTCHA to avoid bots?

While not stopping every human interaction, there is one simple step.

If you remove the form action, then it is a form that does nothing. If you have that form action in, say, data-action="FORM action" in the form node, and then on page load, just for the form, set the action based on that data value, the form will work but most bots won't be able to submit the form.

Enthusiast, Mar 05, 2017

I second what Liam said.

  1. Web app submissions work on the premise that the user is logged in - hence preventing spam bots and Google from seeing the form source.
  2. Set your form action to blank, confusing spam bots. Example: <form action="" data-action="/CustomContentProcess.asx...">. Then within your submit function you read the data-action attribute, paste it into the action attribute and then submit the form.

Good luck!

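The deferred-action approach described in the two replies above, as an added example that is not part of the original thread or the platform's own code. The endpoint `/your-endpoint`, the 2-second minimum fill time and the same-site path check are assumptions added here and go slightly beyond what the replies describe.

```javascript
// Added example: deferred form action.
// Assumed markup: <form action="" data-action="/your-endpoint">
// "/your-endpoint" is a placeholder, not a real endpoint of the site.

const MIN_FILL_MS = 2000; // assumption: a person needs at least ~2 s to fill the form

// Accept only same-site relative paths, so a tampered data-action
// attribute cannot send submissions to another origin.
function isSafeAction(value) {
  return typeof value === 'string' && /^\/(?!\/)[^\\\s]*$/.test(value);
}

// Wire one form. `now` is injectable so the timing gate can be tested.
function armForm(form, now = Date.now) {
  const loadedAt = now();
  form.addEventListener('submit', (event) => {
    const target = form.getAttribute('data-action');
    const tooFast = now() - loadedAt < MIN_FILL_MS;
    if (!isSafeAction(target) || tooFast) {
      event.preventDefault(); // action stays empty, nothing is posted
      return;
    }
    // Restore the real endpoint only at submit time.
    form.setAttribute('action', target);
  });
}

// In a browser, arm every form that carries a data-action attribute.
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => {
    document.querySelectorAll('form[data-action]').forEach((f) => armForm(f));
  });
}
```

These checks only filter clients that do not run JavaScript or that submit instantly, so the receiving endpoint still needs its own validation.
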
Community Beginner, Mar 06, 2017

I can't mark this as "correct" yet, but I've googled this solution, have seen other examples, and implemented it on the form in question.

The form submits and works fine; I suppose time will tell if it works or not.

Thank you for the suggestion.
