Use Google’s reCAPTCHA Service Without Annoying Your Users
As a site owner, marketer, or developer you are well accustomed to seeing fake or bot form submissions, which can be quite an annoyance and potentially time intensive depending on the severity. Luckily there are proven, modern solutions to this sort of problem: form captchas. There are many types of captchas but in the basic sense; a captcha test is designed to determine if an online user is really a human and not a bot. The most popular captcha is reCAPTCHA by Google. reCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a Turing test to tell human and bots apart. It is easy for humans to solve, but hard for “bots” and other malicious software to figure out. You may recall older (v1) versions o the reCAPTCHA looking something like this:
These were quite frustrating because they were often difficult for humans to resolve. The V2 reCAPTCHA has been improved to be more user friendly while still being effective at wedding out bot submissions:
CAPTCHAs play an important role in keeping the internet spam-free and making everyone’s experience a little bit better. reCAPTCHA also makes positive use of the human effort spent in solving CAPTCHAs by using the solutions to digitize text, annotate images, and build machine-learning datasets. This in turn helps preserve books, improve maps, and solve hard AI problems. Pretty neat!
Pro Tip: If you wiggle your mouse back and forth after checking the checkbox, you have a greater chance of NOT having to solve the puzzles! This is because the Captcha takes in many data points (browsing history, IP, etc.) to calculate its score and “human-link mouse movement” is one of the attributes your human score is calculated from. The more data points, the higher your score is and thus not having to provide additional information (matching games, etc.).
NetSuite Forms are Vulnerable
Whether you’re using Site Builder, SuiteCommerce Advanced, or SuiteCommerce Standard, NetSuite supports adding forms to your website – either an online customer form or online case form. A customer form would typically be used for a newsletter signup, while the case form is more for ‘contact us’ forms that use the support case feature in NetSuite to track the communication. If you use any of these forms, they are susceptible to getting spammed by the millions of bots that are constantly looking for forms to enter their spam into.
We at Fourth Wave Consulting have heard from a few companies that have recently been getting hit hard by spam bots, and have developed a custom solution to make your NetSuite forms (including Suitelets) spam resistant using Google’s free reCaptcha service. Bots are always getting smarter, so defeating them is a constant arms race. We use 3 different approaches in our solution to make it as hard as we can for any automated tool to successful submit the form. Your form submit function will be disabled entirely, both by users and bots until the Captcha is solved / approved (and most of your users will just need to check a box). Once the Captcha has passed, the form is able to be submitted. The success rate in blocking form submissions using a secure callback from Google’s reCAPTCHA API has been very high in our experience over the years.
We highly recommend all of your web forms have some sort of Captcha protection. Our reCAPTCHA solutions are ready to be applied to your website, let us know if you still have unprotected forms and we can cut the spam off at the source.
More from Fourth Wave
Latest posts by Kevin Carpenter (see all)
- Protect Your Online Forms from Bots & Spam - October 22, 2019
- What to know about schema.org and microdata tagging - May 2, 2019
- Netsuite Site Builder Responsive Conversion – Tips & Tricks - February 13, 2019