Jillc428

Issue with one of our Brazil websites importing thousands of duplicate leads for the last 3 days?

We have an issue with the General Inquiry form on our Brazil website. In short, there seems to be an issue where the form keeps submitting information over and over again to Salesforce, resulting in thousands of leads loaded into our Salesforce. Perhaps it is a robot or something continuously hitting the site, as there is a great deal of duplicates?

 

They shut down the form on 7/19 immediately. When the dupe leads are imported daily, one of our Salesforce admins receives the SFDC email alerts that we have reached our max lead imports for the day, so I have to immediately delete these to stop his alerts.

 

This behavior seems to happen around 2PM Eastern time for the last 3 days.

 

On 7-19 they stated that they were taking measures to prevent problems like this by installing a CAPTCHA validation at our forms, preventing their “automated” use by robots, and also by limiting the daily usage of our SalesForce interface to 500 hits. These measures will prevent any issue like the one encountered today from happening again.

They still cannot find any evidence that our system has been generating these dupe leads the last two days.

 

All they can think of is that it may indeed be some sort of “buffer” at SalesForce that saved some of yesterday’s leads and is showing them today. They have DELETED the SalesForce function from our forms, so they can guarantee that they are not generating any new lead until we apply the security measures mentioned yesterday.

 

The latest update from our Webform users is:

As yesterday, we have no evidence of any communication with the SalesForce interface from our systems. The function is still removed from our forms. We also rebooted BSI Brazil’s servers to make sure there’s no “lost process” running out of our knowledge.

 

We already have all new security measures in place at our forms (CAPTCHA and daily limit of 500 hits) but we have not enabled the interface again as we wanted to make sure this behavior we encountered yesterday didn’t occur again today, as it did.

 

Because the number of leads found today is similar to yesterday’s (and probably the content is the same as they have the same origin form data), and even the time they appeared is similar, there’s a chance that there’s some kind of buffer in SalesForce that saved some of the leads that went over the quota and is running a process at this time of day to dump these buffered records.

 

Two pieces of technical information that would help us determine the source of these leads would be 1) the originating IP that created the lead and 2) the time that the lead was received at the SalesForce POST interface (probably different from the time that the lead was actually created within SalesForce, as it shows today’s date). These data can be retrieved from the logs of the SalesForce web server responsible for receiving the POST data.

 

If the SalesForce support team can confirm the existence of a buffer that is holding all leads that went over the quota two days ago and is slowly adding them to SalesForce, it would explain the issue. If not, those two pieces of technical information can help us determine for sure where the leads are coming from. If there’s a buffer, there’s a chance that there are more leads queued waiting to be added. If that’s true, this “buffer” should be deleted to avoid similar leads in the following days.

 

Any ideas of what could be causing this?

 

Thanks

 

sfdcfox

Did you use a "raw" web to lead form? In other words, did your site contain code similar to the following:

 

<form method="post" action="https://www.salesforce.com/servlet/servlet.WebToLead?encoding=utf-8">
 <input type="hidden" name="oid" value="00DX00000000000"/>
 <!-- other fields here -->
</form>

If so, you may be subject to a replay attack. This occurs when a copy of the form is saved by the spam-bot and replays the form submission over and over again. I'd like to see the content of one of these records personally; I've gotten pretty good at identifying spam leads.

 

Regrettably, changing your form after it's already been saved for a replay attack by the bot is pointless. It can replay over and over again, and there's not much you can do about it. Let me be perfectly clear: your organization ID is unchanging, and is a virtual gold mine opportunity for anyone wishing to spam your organization (web to lead, web to case, etc.). I recommend that you never expose your organization ID to anyone, especially the public Internet, because if someone knows what they're doing, they can easily spam you indefinitely.

 

Here's a really easy fix; this is documented in the Help & Training window:

 

1) Create a custom field on Leads. Call it something like "Web Lead Validation."

2) Make a validation rule that reads AND(ISPICKVAL(LeadSource,"Web"),NOT(Validated__c="Validated")).

3) Change your form to a post-back form, and provide the Validated value for that custom field.

 

What happens with this setup is that the system will check validation rules before committing the record; no spam record is created, and no emails are sent out. This is the approved method for breaking a spammer's cycle.

 

Edit: As an addendum, I should note that salesforce.com doesn't replay leads itself. It removes them from the queue after attempting to insert the lead. Unless you have a person that's clicking on the submit button 500 times before the page is done loading, it's highly likely that there's a bot involved.
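
A sketch of the post-back relay from step 3, as an added example that is not part of the original thread or any salesforce.com code. It goes one step beyond the post by also issuing a signed, single-use form token, so a saved copy of the public form cannot be replayed against the relay itself. The names `form_token`, `issue_token`, `redeem_token` and `build_web_to_lead_body` are hypothetical, and `Validated__c` stands in for whatever field name your generated Web-to-Lead form uses for the custom field.

```python
import hashlib, hmac, secrets, time
from urllib.parse import urlencode

SECRET = secrets.token_bytes(32)   # server-side key, never sent to the browser
TOKEN_TTL = 900                    # seconds a rendered form stays valid
ORG_ID = "00DX00000000000"         # placeholder oid from the form above
VALIDATION_FIELD = "Validated__c"  # assumption: use the name your generated form posts
_used = set()                      # redeemed nonces (use a shared store in production)

def _sign(msg):
    return hmac.new(SECRET, msg.encode(), hashlib.sha256).hexdigest()

def issue_token(now=None):
    """Called when the form page is rendered; goes into a hidden field."""
    now = int(time.time() if now is None else now)
    msg = f"{secrets.token_hex(16)}.{now}"
    return f"{msg}.{_sign(msg)}"

def redeem_token(token, now=None):
    """True only for an authentic, unexpired token seen for the first time."""
    now = int(time.time() if now is None else now)
    try:
        nonce, issued, sig = token.split(".")
        issued = int(issued)
    except ValueError:
        return False
    expected = _sign(f"{nonce}.{issued}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    if not 0 <= now - issued <= TOKEN_TTL or nonce in _used:
        return False
    _used.add(nonce)               # a second submission of this token is a replay
    return True

def build_web_to_lead_body(form, now=None):
    """Return the body to relay to Web-to-Lead, or None to drop the submission."""
    if not redeem_token(form.get("form_token", ""), now):
        return None
    allowed = ("first_name", "last_name", "email", "company")
    fields = {k: form[k] for k in allowed if k in form}
    # oid and the validation value are added here, so neither appears in page source.
    fields.update({"oid": ORG_ID, VALIDATION_FIELD: "Validated"})
    return urlencode(fields)
```

The relay would POST the returned body to the Web-to-Lead endpoint; anything a bot sends directly to that endpoint lacks the validation value and is rejected by the validation rule before a record is created.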

Jillc428

Thank you for your quick response.

 

That makes good sense.  We are going to see if we get hit again today – if so then we could add a validation rule that says:

 

AND(Source_Sub_Category__C=”Website”,Web_Form_URL__c=" http://www.bsibrasil.com.br/eventos/")

 

Basically this would block all leads posting with that URL, so obviously this would mean that Daniel would need to change the page name for this form when it is put live again, i.e. http://www.bsibrasil.com.br/eventos2/

 

Alternatively he can implement as suggested below and then the validation rule would need to look like:

 

AND(Web_Form_URL__c=" http://www.bsibrasil.com.br/eventos/", NOT(Validated__c="Validated"))

 

…with making sure he posts the “Validated” value to the new field we would need to create when the new form goes live.

 

 

If we have additional questions I will reach out.

Thanks so much

 

Jillc428

We got hit again today for the 4th time this week. 

 

It was suggested that I add in a validation rule to block this webform.

 

I entered this in the lead validation rule section and keep receiving syntax errors. Do you have an idea what I am missing?

 

 

 

AND(Source_Sub_Category__C=”Website”,Web_Form_URL__c=" http://www.bsibrasil.com.br/eventos/")

 

Thanks

sfdcfox

I presume Source_Sub_Category__c is a picklist? Try this:

 

AND(ISPICKVAL(Source_Sub_Category__C,"Website"),Web_Form_URL__c=" http://www.bsibrasil.com.br/eventos/")

 

sunny.dale5

Wow, that seems a major problem. But with the help of contributors, you will be led to the right way of solving your dilemma.

Jillc428

We have the validation rule in place and the leads have stopped coming now. Thanks so much for your help on this.

sunny.dale5

Ahh okay i see.. :manwink: