We've added a double-layer of new security to the Input Forms module. The first layer incorporates Google invisible reCAPTCHA. It is 'invisible' because it automatically detects when bots are entering data into the form without having your members click an 'I am not a Robot' prompt - or having to click all of the pictures in a mosaic that contain a specific object.
The second layer of security is a 'handshake' that is required between the end user's screen and our servers. In other words, a hacker could not set up a form and try to submit data to our server, because each form request contains a unique token that we issue when the form is first requested.
Make sense? Well, if not, just know that we are now able to prevent almost all, if not all, of the robot-completed forms from being submitted. Believe it or not, a bot tries to complete a form about every fifteen minutes on one of our client websites. Of course, this only applies to publicly available forms.
We plan to add reCAPTCHA to other publicly available prompts, such as online directory prompts, in the near future.