Answered

My typeform got hit by a spam robot


Hi everyone,

I was running a market survey and it looks like some spam robot found our typeform and added thousands of responses and now our data is ruined. I’m so upset! This never happened before after using typeform for 5 years. The data and survey are ruined it seems, which is extremely problematic for our organization and our client.

 

Does anyone have suggestions on how to weed out the spam entires? There seems to be no rhyme or reason to them and they are scattered everywhere.


Thank you.

icon

Best answer by Liz 14 May 2021, 23:49

View original

28 replies

Userlevel 7
Badge +5

Hi @mdg First, thanks for joining the community and argh! So frustrating. :( 

Are you using this form again in the future? (In which you’d need to remove the entries in typeform) Or are you duplicating to start new? 

We also have the post below on preventing spam, which may help for future forms. 

 

 

Why do you have no devs viewing these comments, your product is prided on its security yet there is no integration to prevent spam submissions. Captcha integration should be a main priority. 

Userlevel 7
Badge +5

Hi @Bobby I can assure you that our dev team does look at these comments. While this isn’t on the roadmap currently, I’m happy to share your feedback with their time. In the meantime, definitely utilize the workarounds listed above. 

The thing is if you ask any dev about the solutions listed above they would know the solutions are bogus and don’t actually solve anything. Anyone trying to ddos a typeform can still do it with ease, those solutions listed dont solve the issue. Dont mean to bash you as it not your fault, just frustrated to discover these issues after ive payed a subscription. 

Userlevel 7
Badge +5

Hi @bobby1 Have you tried any of the workarounds above already? If so, which ones have you tried that haven’t been successful? If you could share the link to those forms, we’d be happy to take a look to see why the workarounds aren’t working. 

Like the only work around ive seen above is the one where you place an image as one of the Typeform questions (or have multiple Typeform questions saying “pick the cat, pick images with a train etc.”) and ask for the user to enter the codes/pick images. The thing with this is that someone with malicious intent can simply read the code on the image, and hardcode it within their bot. This provides 0 protection. The only way this would work a bit better is if the images/codes are randomized and even then if the answers are kept as “hidden variables” they can still be found in the networking tab as that validation I believe is done frontend. I dunno just saying Typeform should have its own captcha and not workaround solutions as this is a pretty important thing to have. None of these “workarounds” are valid solutions to this issue, its like putting a bandaid on a bullet wound.

Userlevel 7
Badge +6

sounds like an opportunity for someone to write a ‘product’ or add-in for Typeform that could be worth some coin.. 

just in case it takes a while for Typeform to get there.. 

 

des

Userlevel 7
Badge +5

Hi @bobby1 Totally agree! In the meantime, I would definitely give that workaround a try, and if you run into the issues you’re stating with it, let us know, and we’d be happy to take a look. 

Our survey also got hit with spam and now we are stuck continually upgrading our account to pay for the spam submissions. Something is not right here and I need help finding an immediate solution. There is way too much on the line here to allow spam to ruin a proprietary study. I’m still confused on whether or not a Captcha is an option or not. 

Userlevel 7
Badge +5

Hi @Marketing Operations User As we don’t have a direct captcha feature, have you tried the workaround above? 

HI @Liz Trying one of them but still, how can Typeform charge the customer for spam attacks where there isn’t a way to prevent provided? I’ve had to upgrade our account twice and I don’t think that’s fair. 

Userlevel 7
Badge +6

@Marketing Operations User - how are you exposing your Typeform to the ‘world’? have you put in place any measures on your web site, if it is embedded? Are you sending out the link to your users via email? 

 

what measures are you taking at your end to prevent the bots from attacking? 

 

don’t mean to be adversarial here just trying to understand … I’ve had to work my clients to ensure that their typeforms are embedded in their websites with the appropriate website- security to prevent the spambots.. 

des

I was unaware it’s best practice to embed the survey. Good to know. 

We do share the Typeform link via email and social media. We used Typeform last year with no issue at all. This year, it’s a total train wreck. All I’m saying is the product should have native protection (or identification of bots) in place and the fact that we have to upgrade our account to cover for spam responses isn’t cool. 

Userlevel 7
Badge +6

@Marketing Operations User - the majority of the cases that I have seen of spam-botting come from those who push out their forms in social media… it seems to be a haven for folks looking to make life miserable for those of us who really want to make it work.. 

 

just a few thoughts.. good luck.. 

 

Hi, we are using Typeform for new user sign up on our website but have recently received spam entries that have significantly increased the number of entries, majority of which seem to be coming from Indonesia. Can you please help us understand how we can identify/remove these spam entries as well as prohibit more of these from coming in?

Userlevel 7
Badge +5

Hi @jessica carapace Have you taken a peek at the workarounds/solutions above? Let us know if you have any trouble setting those up!

@Liz tried the workaround solution but having issues with implementing the logic sequence… Can you share how to set this up so that if i add a random multiple choice question and the correct answer is selected then the application is completed ?

Userlevel 7
Badge +5

Hi @jessica carapace This post here can walk you through the logic jump setup. If you have the logic jumps setup and they’re not working, do you mind sending a screenshot of your logics? That will help us further understand why they aren’t working. 😀

@liz, i previously used the provided link to try and create the logic sequence…. The information offered is shown below, however as stated this doesnt share how or where to add the logic sequence. Is there someone from your team that can reach out and help? I need to get this resolved and need individual help walking through this set up. 

 

Userlevel 7
Badge +6

Ok.. maybe this will help @jessica carapace 

i created a little test form at this link that you can try

here’s the 3 questions in the form

 

the first question is this - 

 

the essence of the logic is that you need to put the logic rules on this page - you want to evaluate if hte user has entered the correct characters. if they do, take them to next real question. if the characters don’t match, then take them to a statement page that says ‘oops’ and if they click to continue it takes them back to enter the info again.. until they either get it right or walk away.. 

 

here’s the logic rules view

 

what it looks like in the logic map is this. 

 

 

this should be simple enough for you to follow. 

 

just a suggestion: there are several really helpful articles in the Help Centre - all you need to do is head over there and search a bit. there are plenty of similar videos and walkthroughs that explain how to use the logic rules. 

 

cheers

 

des

Is there an actual roadmap for this? Hardcoding a code is, as described thoroughly in this thread, not a solution. Recaptcha before the form is a much better but not a good user experience either. Typeform not providing such a protection of the box is simply saying, “since we charge per form submission we don’t actually care if our customers get spammed and/or actually encourage it”. Please prioritize accordingly.

Userlevel 7
Badge +5

Hi @Ifdk this isn’t currently on the roadmap, but I definitely suggest using the workarounds above. 

@Liz Where can we view the roadmap and get clarity on/if when the spam issue is going to be addressed?

I am sure it would not be in Typeform’s interest for users to think they aren’t actively pursuing the area of spam/bot attacks because it makes business sense; they generate revenue from spam exploitation…

As a developer who offers/promotes TF to my clients this is a turn-off for doing so, and I see your competitors do offer recaptcha/spam protection.

Userlevel 7
Badge +5

Hi @neb We don’t have a public roadmap, but keep an eye on the community for feature updates!

💯 agree, Typeform is becoming unusable since we are getting spammed by obvious AI generated answers. Such a loss of time!

Reply