Webstudio
Log in

Join the Webstudio community

Updated 10 months ago

Limiting Spam Emails from Contact Form Webhooks

At a glance

The community member who created a new website with a contact form has received spam emails and is looking for recommendations to limit this. The comments discuss the use of Turnstile, a service that provides server-side validation to prevent spam, but the community members are facing issues with accessing their Turnstile account and integrating it properly. They suggest that server-side validation is required to prevent spam, and one community member shares a link to Cloudflare's documentation on Turnstile server-side validation. However, there is no explicitly marked answer in the comments.

Useful resources
JJeremy
ยท
I put a site live last night with a contact form (webhook). I've already received a few spam emails from it. Are there recommendations on how to best limit this?
2
J
O
p
21 comments
JJohn Siciliano
@paulrudy did you ever crack the code on Turnstile?
OOleg Isonen
We really really need to add Turnstile
OOleg Isonen
I am am also wondering if its usable already over html embed
ppaulrudy
I haven't revisited it. I was waiting for a reply to this comment https://discord.com/channels/955905230107738152/1224947158029963344/1225666799186743327 in case there was something else getting in the way while we wait for a true turnstile integration
ppaulrudy
I just went back to the demo I shared in that thread to take a look, and now I'm being asked to "Upgrade to Pro", so I can't actually play around with it for now
ppaulrudy
Just DM'd Alex to see if he can fix that situation
ppaulrudy
My impression is that it requires server-side validation to work. Or at least not to be spoofed

Edit: obviously. In my demo I was attempting to connect the HTML embed to a Cloudflare worker to do the validation, but running into an issue that I posted about
OOleg Isonen
why? are you using Resource?
OOleg Isonen
Did you loose somehow access to your pro account?
ppaulrudy
Yes, I seem to have lost access to my pro account
ppaulrudy
None of my projects are there. Haven't checked on WS for a couple of weeks
ppaulrudy
DM'ing you about this so as not to hijack the turnstile thread, @Oleg Isonen
OOleg Isonen
That means you logged in using a different account 999999%
OOleg Isonen
you either used different social login github vs google or different email or changed your primary email on github
ppaulrudy
None of those apply
OOleg Isonen
I have heard it a few times (10000 times )
OOleg Isonen
but lets figure this out
ppaulrudy
Ok, back to turnstile. Thanks Oleg for sorting out the GH issue.

My demo no longer shows the turnstile widget. Perhaps something changed with WS since I last played around with it.

If it would be useful for anyone to take a look, here's the link https://apps.webstudio.is/builder/f4079eaa-49af-4520-9897-8574f61703ba?authToken=b9504934-c762-4973-94de-60bc022d61d6&mode=preview

And I can share the code for the cloudflare worker, but it's basically an adapation of what's in the turnstile docs
JJeremy
I've never added turnstile before. It looks like I need server-side validation. @paulrudy , thanks for chiming back in.

https://developers.cloudflare.com/turnstile/get-started/server-side-validation/
tteamdarkpanda
I ran into a similar issue with one of the sites I'd created on WS recently. 2-3 Spam messages every 2-3 days, not bad to bother me right now..but can get annoying soon.
JJeremy
Yeah, it will be a good problem to find a solution to.
Add a reply
Sign up and join the conversation on Discord