Hello, my business site received spam form submissions over the last 1 or so months, my form contains an unknown field submission, only spam will submit the value of the unknown field(Column name: 0, value: Send). Has this happened to any one else? What is happening?
Does “Send” happen to be the name of your form submit button?
If so, looks like they’re just grabbing every <input> field including the submit button <input type="submit"> and submitting it all directly to the form handler.
I haven’t looked into it deeply as I am just migrating form handling for clients who are suffering from the spam issue, but it’s a convenient way to spot spam submits.
What it suggests too, is that all of the recent spam is from a single source.
Webflow sites are easy to identify on the Internet, so it wouldn’t be too hard to scrape Made in Webflow or possibly even just google search results for an identifying string, and build an attack list from that.
Hello, did you figure out how to block these spammers? We are getting a similar thing every day now, it started one week ago. They have a Gmail address (which our code blocks) but they add this “0” field that include our button ID (“Submit”). We tried to change the button id but it didn’t help. Any advice?
Franco, you can either wait for Webflow to finish building their anti-spam solution, or you can just switch to using another webhook handler. Formspark and Basin are popular among Webflow devs. There are others too, including self-hosted solutions.
@francopd - You could look at using Zapier and Akismet which would probably do the job for you. Webhook → Make → Akismet → Email. Alternatively, when I need server side validation I embed Machform forms on web properties. Nice features and a nice builder. Self hosted or hosted is available.