Hi Bob,
Recaptcha is failing to stop spammers on some of my CF5 installations. I did a bit research and a post on a Google forum said that its most likely due to the spammer (or bot) being able to interact with the form headlessly (as in, they can hit the form without the recaptcha ever loading and blocking them). Could this be the case?
Here's how that person solved the issue: Anyway, the solution, the one that worked for me anyway, was to add an additional check to my back-end validation (at least, that's what I did). Concretely, this meant wrapping the standard validation check (the if (isset statement here: https://github.com/google/recaptcha/blob/master/examples/example-captcha.php#L71 ) , with an additional check to verify that the recaptcha field actually exists in the form's list of fields (e.g. if(array_key_exists('recaptcha' ).
Can you provide any insight on my issue with CF. And, if the solution above might work? Or, if I should do something else? Here are a couple of the forms being affected:
- http://www.browardworkshop.com/contact-us
- http://www.dunhamins.com/about-us/contact-us
Regards,
Jose
Recaptcha is failing to stop spammers on some of my CF5 installations. I did a bit research and a post on a Google forum said that its most likely due to the spammer (or bot) being able to interact with the form headlessly (as in, they can hit the form without the recaptcha ever loading and blocking them). Could this be the case?
Here's how that person solved the issue: Anyway, the solution, the one that worked for me anyway, was to add an additional check to my back-end validation (at least, that's what I did). Concretely, this meant wrapping the standard validation check (the if (isset statement here: https://github.com/google/recaptcha/blob/master/examples/example-captcha.php#L71 ) , with an additional check to verify that the recaptcha field actually exists in the form's list of fields (e.g. if(array_key_exists('recaptcha' ).
Can you provide any insight on my issue with CF. And, if the solution above might work? Or, if I should do something else? Here are a couple of the forms being affected:
- http://www.browardworkshop.com/contact-us
- http://www.dunhamins.com/about-us/contact-us
Regards,
Jose
Do you actually check the captcha in the form submit action?
@healyhatman, I'm not sure I'm following you. The Recaptcha is configured correctly on the back-end configuration and works correctly on the front-end. If you don't click on the square to get a green checkmark, the form doesn't submit.
Please elaborate.
Please elaborate.
Not submitting is front end stuff. Does your submission event have a check that it was done properly?
Yes it does. See attached image.
The form submits properly. If you check the captcha, the form submits. If you don't check the captcha, the form doesn't submit. The issue is that even thought there is a recaptcha, my customer is still getting a ton of spam.
The form submits properly. If you check the captcha, the form submits. If you don't check the captcha, the form doesn't submit. The issue is that even thought there is a recaptcha, my customer is still getting a ton of spam.
Just checking sometimes people forget to put the server side check in.
Back to my original question. Bob, can you help?
Jose
Jose
Hi,
The "Check NoCaptcha" action checks the existence and validity of the Google captcha field, so the bot can not skip that, maybe you are just getting some human spam, Google can not block that.
Best regads
The "Check NoCaptcha" action checks the existence and validity of the Google captcha field, so the bot can not skip that, maybe you are just getting some human spam, Google can not block that.
Best regads
Hi Jose,
I suggest that you have a look at some of the Spam emails to see what they have in common - are there empty fields, are the IP addresses the same? (You can add a Save Data action to keep a record if necessary.)
Then you can add server-side validation to check for empty fields, block some IP addresses, block content with URLs, etc.
Bob
I suggest that you have a look at some of the Spam emails to see what they have in common - are there empty fields, are the IP addresses the same? (You can add a Save Data action to keep a record if necessary.)
Then you can add server-side validation to check for empty fields, block some IP addresses, block content with URLs, etc.
Bob
This topic is locked and no more replies can be posted.
