Streaming live at 10am (PST)

Form with third party submission handling is under spam attack


I have a form that is sending data to a third party handler (Lasso), and is then redirecting to a simple thank-you page. This form has recently been under a spam attack and I’m receiving spam submissions every few minutes for days now.

I’ve tried adding a recaptcha, but the docs say that Recaptcha will not work with third party form handling.

I’ve received instructions from Lasso as below, though I’m not sure this is possible to do within Webflow?

"In order to post your registrations to Lasso, the website requires our LassoUID, Project ID and Client ID. When I view source on your website, it looks like these IDs are open to the public and it gives the spam bots an opportunity to take these IDs and spam your registration page.
I suggest we look into the ability to hide these IDs from the website so they are not visible to the public and reduces the risk of this happening again.

Would it be possible to post leads to Lasso via PHP? first post the form to your website server using a reCAPTCHA and/or Honeypot. If the reCAPTCHA/Honeypot validates the submission, subsequently post to a back-end system and add the appropriate IDs and values. From there, submit the data to Lasso."

The form HTML is as below:
<form id="email-form" name="email-form" data-name="Email Form" redirect="/thank-you-for-registering" data-redirect="/thank-you-for-registering" method="post" action="">

Could anybody suggest a way to prevent these spam submissions getting through without interfering with the third party service?