Display a CAPTCHA field
Protect your website from robot attacks by displaying a CAPTCHA field.
The Web Forms for Marketers module gives you the tools to protect your website from robot attacks. The CAPTCHA field can help you to distinguish between real users and robots and therefore protect your website and web services from abuse by programs masquerading as real users. A CAPTCHA field requires the user to enter some symbols displayed in a field.
Here is an example of how the CAPTCHA field might look on a website:
 |
You can choose to display the CAPTCHA field every time for every form, or you can display the field in the following cases:
The visitor is a robot. The system identifies the current visitor as a robot using a special algorithm.
A suspicious visitor is detected. A visitor submits the form several times in a short period of time.
Suspicious form activity is detected. The form is submitted several times in a short period of time by one or more users.
If your Sitecore solution is running on several servers then the number of form submits per server is taken into account.
You can select the condition that must be fulfilled before the CAPTCHA field is displayed on the form.
This topic outlines how to:
You can configure the CAPTCHA field so that it is always displayed on the form:
In the Form Designer, select the CAPTCHA field.
In the Security section, select Always show CAPTCHA:
Click Save or Save/Close to save the form changes.
You can configure the CAPTCHA field so that it is only displayed if a robot attacks your website. A suspicious visitor is a visitor who submits a form several times in a short period of time. Usually such behavior is particular to robots.
To display the CAPTCHA field if a suspicious visitor is detected:
In the Form Designer, select the CAPTCHA field.
In the Security section, select Show CAPTCHA if and click Edit.
In the Robot Attack Protection dialog box, in the Detection Thresholds section, select a suspicious visitor is detected and enter the maximum number of times a visitor can submit the form and the time period.
To display the form with the CAPTCHA field on a separate page, in the Form Display Page section, select a suspicious visitor is detected.
To display the form with the CAPTCHA field on your custom page:
Click Change.
In the Select Form Display Page dialog box, browse to the page you want to display the form with the CAPTCHA field on.
Select a placeholder for where to put the form. Contact your Sitecore administrator to find out if this placeholder is enabled using the Select Placeholders wizard.
Click OK to close the Robot Attack Protection dialog box.
Click Save or Save/Close to save the form changes.
When you have selected a suspicious visitor is detected, this information is displayed in the Security section, along with the time limits that you configured:
Note
When you select a suspicious visitor is detected, the visitor is a robot condition is automatically enabled.
If a visitor submits the form more than the specified limit, the form with the CAPTCHA field is displayed.
Suspicious form activity means that a form is submitted several times by several users in a short period of time. Usually such behavior is particular to robot attacks. If your Sitecore solution is running on several servers then the number of form submissions per server is taken into account.
To display the CAPTCHA field if suspicious form activity is detected:
In the Form Designer, select the CAPTCHA field.
In the Security section, select Show CAPTCHA if and click Edit.
In the Robot Attack Protection dialog box, in the Detection Thresholds section, select suspicious form activity detected and enter the maximum number of times a form can be submitted and the time period.
To display the form with the CAPTCHA field on a separate page, in the Form Display Page section, select suspicious form activity detected.
To display the form with the CAPTCHA field on your custom page:
Click Change.
Browse to the page you want to display the form with the CAPTCHA field on.
Select a placeholder. Contact your Sitecore administrator to find out if this placeholder is enabled using the Select Placeholders wizard.
Click OK to close the Robot Attack Protection dialog box.
Click Save or Save/Close to save the form changes.
When you have selected suspicious form activity detected, this information is displayed in the Security section along with the time limits that you configured:
 |
Note
When you select suspicious form activity detected, the visitor is a robot condition is automatically enabled.
If the form is submitted more than the specified limit of times, the form with the CAPTCHA field is displayed.
If a robot submitted a form or any of the specified thresholds are exceeded, the Web Forms for Marketers module can send an email notification with a predefined text to specified recipients.
To activate email notifications about robot attacks:
In the Form Designer, select the CAPTCHA field.
In the Security section, select Show CAPTCHA if and click Edit.
In the Robot Attack Protection dialog box, on the Warning Email tab, enter:
In the To and CC fields, the recipients’ email addresses.
In the Subject field, the subject of the email message.
In the Message Body field, the text of the email notification.
Click OK to close the Robot Attack Protection dialog box.
Click Save or Save/Close to save the form changes.