Buy Now
Sign in

Recaptcha still letting spam through

baxterdown , July 11 at 12:28
baxterdown
Hi Bob,
Recaptcha is failing to stop spammers on some of my CF5 installations. I did a bit research and a post on a Google forum said that its most likely due to the spammer (or bot) being able to interact with the form headlessly (as in, they can hit the form without the recaptcha ever loading and blocking them). Could this be the case?
Here's how that person solved the issue: Anyway, the solution, the one that worked for me anyway, was to add an additional check to my back-end validation (at least, that's what I did). Concretely, this meant wrapping the standard validation check (the if (isset  statement here: https://github.com/google/recaptcha/blob/master/examples/example-captcha.php#L71 ) , with an additional check to verify that the recaptcha field actually exists in the form's list of fields (e.g. if(array_key_exists('recaptcha' ).
Can you provide any insight on my issue with CF. And, if the solution above might work? Or, if I should do something else? Here are a couple of the forms being affected:
- http://www.browardworkshop.com/contact-us
- http://www.dunhamins.com/about-us/contact-us
Regards,
Jose
H
healyhatman
Do you actually check the captcha in the form submit action?
Web developer at SkySpider.com.au
I don't work for ChronoEngine but I do accept donations paypal.me/healyhatman
baxterdown
@healyhatman, I'm not sure I'm following you. The Recaptcha is configured correctly on the back-end configuration and works correctly on the front-end. If you don't click on the square to get a green checkmark, the form doesn't submit.
Please elaborate.
H
healyhatman
Not submitting is front end stuff. Does your submission event have a check that it was done properly?
Web developer at SkySpider.com.au
I don't work for ChronoEngine but I do accept donations paypal.me/healyhatman
baxterdown
Yes it does. See attached image.
The form submits properly. If you check the captcha, the form submits. If you don't check the captcha, the form doesn't submit. The issue is that even thought there is a recaptcha, my customer is still getting a ton of spam.
Attachments
form_01.jpg
form_01.jpg
(108.25 KiB)
36 Downloads/Views
H
healyhatman
Just checking sometimes people forget to put the server side check in.
Web developer at SkySpider.com.au
I don't work for ChronoEngine but I do accept donations paypal.me/healyhatman
baxterdown
Back to my original question. Bob, can you help?
Jose
admin
Hi,
The "Check NoCaptcha" action checks the existence and validity of the Google captcha field, so the bot can not skip that, maybe you are just getting some human spam, Google can not block that.
Best regads
Max
If your main question got answered then please mark the answer using the button!​
​Please let us know if you have any problems with the new forums text editor, we appreciate your feedback!
GreyHead
Hi Jose,
I suggest that you have a look at some of the Spam emails to see what they have in common - are there empty fields, are the IP addresses the same? (You can add a Save Data action to keep a record if necessary.)
Then you can add server-side validation to check for empty fields, block some IP addresses, block content with URLs, etc.
Bob
ChronoForms technical support
If you'd like to buy me a coffee or two, thank you very much