Everyone has had a spam submission sneak through their forms, even with captcha enabled — here's a glimpse into how that happens.
We're big fans of session recording as a means of UX research, and have previously posted about the value of session recording in UX testing.
Reviewing data for our own site, we came across the following session that shows a bot aggressively trying to submit our contact form:
Some interesting points about this session:
- This bot is operating in a fully javascript-enabled browser engine. It's not your old-school "parse the HTML data and try to find form and input tags" bot. This one is able to see the fully rendered version of your page, and is able to mimic actual mouse clicks to try to find what it's looking for.
- It's able to navigate to multiple pages as it tries so desperately to send some spam our way.
- This bot would thwart any anti-spam measure that assumes that the bot isn't javascript-capable. For example, we're fans of the "antibot" module for Drupal, but this bot would beat that particular type of captcha.
What else can session recording tell you about your website or web application? Feel free to read more about our UX Research, UX design, and UX testing capabilities.