Blocking SPAM although reCAPTCHA is being used w/webform
Request Type:
General Assistance
Forums:
Issue/Request:
Dear Webteam,
The ‘Send a Message’ webform on the President’s site is using the ‘reCAPTCHA’ module to protect it from SPAM. But, the webform has been getting spammed, please see: http://president.yale.edu/node/19/submission/11676. Is there anything else that can be done to stop SPAM from coming in? I don’t think they would want to put this webform behind CAS as they’d like to receive messages from non-Yale people (as well as internal). Please let me know what other options there might be.
Thanks!
Jo
Hi Jo Ann,
I’m surprised those are getting through, but since they are the only other thing I would recommend is the Mollom Module https://www.drupal.org/project/mollom. From the instructions it looks like you need to create an account separate from YaleSites to manage this, but the module provides the connection. https://www.drupal.org/documentation/modules/mollom.
Hope that helps.
Thanks, Nance!
Follow up questions:
Please let me know because I’m sure my contact in the President’s office will have questions so I’m trying to cover those before following up with them.
Jo
Nancy,
I took a deeper look at the rather large number of webforms being used on the President’s site. I believe that with the exception of two forms, none of the others of using the ‘reCAPTCHA’ module. I only checked four out of the over 40 or so webforms and they were not using the module. But the spam is coming through the ‘send message’ form which is using it. Could it be that because of the large number of webforms not using reCAPTCHA that regardless of which form is using the spam is making it through anyway?
Just a thought. Please let me know what you think.
Thanks!!
Jo
It’s a good theory, but I don’t think that’s it. I’m not sure how the spam is getting through. We’ll look into it. It’s possible the other webforms are either pointing to CAS and therefore requiring a login or just aren’t as visible so the spammer aren’t finding them. We’ll look into it and find out more.
Good morning, Nancy!
Thanks for taking the time to look into this. I honestly do not think the other web forms are pointing to CAS. It seems that they’re all for receptions and dinner invites. I’ve just suggested that instead of creating a new webform each time that a webform with the basic info is created and can modified and reused depending on the function and to include reCAPTCHA on it. It seems all of these web forms are for ‘one time only’ events and so create clutter in the site.
Thanks, again, and please let me know what you end up finding out.
Jo
Jo, there is a new version of reCAPTCHA out that we can give a try. I’ll deploy the update to president.yale.edu tonight and it should take effect immediately. If that doesn’t work, setting up Mollom would be the way to go.
Thanks so much!
Can I ask you to please deploy it to the dev site too? I don’t know if it goes to one place it will go to the other. Another question: after the update is deployed, to check it would be to check-in with their office and ask if they’re receiving any more SPAM coming in? Or, is there something else I can do without contacting them?
Ok, it’s loaded in dev now so you can test out that webform while logged out and see the new reCAPTCHA. You can check the webform submissions to see if spam is coming in, but it’s getting more difficult to battle spam submissions with just a CAPTCHA since they are sometimes humans submitting the comments, not just robots.
Vincent,
Please deploy the update to the reCAPTCHA module to ‘president.yale.edu’. After this is done, could you please let me know so I can check the webform pages on the live site.
Thanks so much!
Jo
This issue was resolved offline.