Foundry Form Pro | Phishing Attack From Russia

A recently published website entitled ‘Posh Paws Cat Hotel’ launched on Thursday the 17th Dec 2020 and that contains a customer enquiry form on the home page using Foundry’s Form Pro stack is attracting a lot of unwanted spam email (see attached example). Has anyone else experienced this kind of unwanted attention ? Does anyone have any advice as to how I can block these communications ? What can I do within the Foundry Form Pro stack to stop this from happening again ? Kind Regards | Justin
Screenshot 2020-12-22 at 16.22.06

What you’re seeing is simply spam. There’s only so much that can be done, unfortunately. If you’re using Potion v2.0 or newer the Form Pro stack has a “honeypot” spam trap built in to it, which is designed to help to thwart bots. This isn’t able to prevent humans from spamming your form, and as bots get smarted may not even thwart all bots.

Don’t forget to put your forum post into a category. Thanks.

What a shame. I will relay this back to the client who is a little upset that she is having to filter her email account so soon into the launch of her business. I’m afraid I don’t know what a ‘honeypot’ is or how it works. On looking at the version of Form Pro that I am current using RapidWeaver is telling me that I am currently on versions 2.09. Thanks for the quick response Adam.Kind Regards | Justin

A honeypot is a method where the form has a hidden input field. The human won’t see the hidden field so it won’t be filled in. Bots will see it and fill in some info. So, if the info is filled in, then the form assumes it is a bot and doesn’t submit.


Where is this “Honey Pot” in Form Pro located? I don’t see any settings for it. Is it the same as the “Human Test”? Thanks.

This is from the Foundry documentation.

“Honey Pot
The Form Pro stack includes a “honey pot” feature that helps in cutting down on the ability for bots to send spam from your forms. This is enabled at all times and simply works in the background.”

So there are no settings and you don’t need to do anything for the honeypot to work.

Thanks Rob. I have also gotten a few SPAM emails, but they were human entered, rather than by bots. You just have to wonder whether these guys have a life other than inputting stupid spam stuff. :slight_smile:

There is a hidden form field that only bots can see, so when they try to fill it out the message fails.