New to the community? Start here

[Forminator Pro] Forminator Honeypot Allowing Spam

It is the weirdest thing. Unlike normal spam that just keeps coming non-stop, honeypot has taken out the majority of the spam; however, every week it seems that there is a day or two where a very specific type of spam rolls in.

A seemingly normal email address, but the name is always random characters.

Such as this:

Submission #130

Date Submitted: 31 May 2019 @ 23:56 PM

Name: 5cf1f782a39e8

Email Address: mattsmith0853@gmail.com

Phone Number:

Message:

Sat, 1 Jun 2019 4:11:30
More Forminator Pro discussions
Forminator Pro
  • Adam
    • Support Gorilla

    Hi Brad Shoemaker

    I hope you’re well today and thank you for reporting this to us!

    It looks like there’s some type of bot that’s able to bypass the honeypot because it’s either just too simple and it doesn’t “see” the honeypot input or it’s been “taught” to overcome that. It’s not really that complex thing to do and while it does work for most of bots it’s rather a basic “anti-spam precaution”.

    I did some tests on my own setup and if that’s indeed a bot, I actually can see how it can be able to overcome that. It’s worth remembering that in reality no solution is 100% sure but I also believe it should be possible to make it at least a bit more “strict”.

    I’ll discuss that with our developers and if we’ll find some reasonable solution we’ll put that on future improvements list.

    As for now, I must say it’ll be difficult to find some workaround – if it’s a human, then the person obviously knows how to deal with such security precautions. If it’s a bot, it already knows how to bypass it so that means that any “making it more strict” ideas would have to be implemented right in the plugin’s code. Therefore, if the amount of that kind of spam that you’re getting is too much, I think the best solution for now would be to actually enable captcha for the form – that, together with the honeypot – should hopefully take the spammy submission down to none (or at least nearly none).

    Best regards,

    Adam