How We Blocked an IP from Accessing HubSpot Pages

It’s Saturday, and we received an interesting email from one of our clients. The client said that someone was manually spamming their HubSpot forms with odd data. HubSpot is good at blocking spammers, but manual spam is really hard to catch. The client asked us to block this person from accessing their HubSpot pages.

There were several obstacles for accomplishing what the client wanted: 1) we didn’t know the IP of the person because HubSpot doesn’t tell us, 2) there is no method to block an IP in HubSpot (you can only block an IP from being tracked), 3) there is no method to block an individual email in HubSpot (you can only block domains), and 4) even if there was a method to block individual emails in HubSpot, it wouldn’t work, because the spammer was using a different email each time they submitted a form.

So what did we do?

There was a service on one of the client’s servers that was called when someone visited any of their HubSpot pages, so, going through the logs helped us determine the IP of the person. That was a first step!

The next step was to block the IP. What we did was that we added the following code to the JavaScript file that is loaded on all the client’s HubSpot pages:

$( document ).ready(function() {
	if ('{{request.remote_ip}}' == 'Offending IP Address')
		document.body.parentElement.innerHTML = 'Blocked';

And that’s it! That IP was seeing a blocked message when they were trying to fill out the form.

There are a couple of notes about this solution: 1) This is a JavaScript solution, so it might not be ideal, and 2) using the {{request.remote_ip}} HubL variable results in HubSpot no longer using page caching, which might impact the speed of the page load.

We hope that you found this post useful! If you need help with the implementation, or if you need development work for HubSpot, then please contact us. Our rates are still affordable, our work is still top notch, and we always care for our clients!

No comments yet.

Leave a comment