Hi all! Does anyone else use NetSuite Online Client Forms for their website? We are being attacked by bots and I am starting to lose it. We have a ReCaptcha on the form and they are still getting through. What has everyone done? How do I make it stop? We have been getting like 20+ a day on two different forms. Help, please!

We've had issues with this. Refactoring to a custom HTML form with an SSP handler allows to to start adding custom rules to block based on the data they're submitting and identifying and logging originating IP addresses. Using Cloudflare as a CDN for your website can also help, as you can block or challenge traffic based on origin. In my experience, 90% of these issues come from China or Russia. We challenge all traffic from both and the issue is all but gone.

Thanks @Dominic B! We use Pantheon for our hosting. But because we are using the NetSuite Embedded forms I don't think it is doing much. How are you challenging traffic from China and Russia from NetSuite? We have to use NetSuite forms currently because thats how we get all our leads into the system. Going to a generic form that doesn't connect to NetSuite really isn't an option for us right now.

It may be worth speaking to Pantheon, as they say they offer Fastly CDN on all plans with "location-based blocking". You may struggle to secure the Netsuite form though, as the POST URL is on a Netsuite domain. In the first instance, I'd try implementing location blocking and then redeploy a new form so the NS URL changes. If you still have issues after that, you'll probably need a custom form solution.

Thank you @Dominic B. I really appreciate your help!