reCAPTCHA working, but bots still get through


aldingerco

May 11, 2011, 11:54:17 AM
to reCAPTCHA
Having some bot issues, installed a reCAPTCHA with no luck in stopping
the bots.

We have several forms on our site, only 2 of them have CAPTCHAs right
now. All of the forms send an automated email with the form info to us
that we use directly to help customers (we can easily delete the spam
before it causes problems, but it is still annoying).

Example of a form on our site: http://www.aldingercompany.com/Parts_Assistance.php

To me it looks solid, requires appropriate info in the CAPTCHA field
to submit and all.

The bot spam for this form looks like this in our email:

Name: AcRocaPousa
Company: google
Address: http://xenon.blog.bg/biznes/2011/05/01/.738945
City: Le Mans, Alabama 123456

Email: melosa...@aol.com
Phone: 123456
Make: Pontiac
Model: 1990 Cutlass Calais
Part #:
Short Description:

(we don't sell car parts)

Anyone have any ideas how this bot is getting through???

PJH

May 11, 2011, 12:09:27 PM
to reca...@googlegroups.com


On Wed, May 11, 2011 at 4:54 PM, aldingerco <rde...@aldingerco.com> wrote:
To me it looks solid, requires appropriate info in the CAPTCHA field
to submit and all.

Nothing too obvious from a quick test - clearly fails wrong answers, accepts right ones.

Presuming they actually are bots (as opposed to someone being annoying and actually entering the captchas) have you got the verification code handy?

--
PJH


aldingerco

May 11, 2011, 12:13:57 PM
to reCAPTCHA

If it is a human, they sure are dedicated.

Is the public reCAPTCHA key what you need?

PJH

May 11, 2011, 12:19:44 PM
to reca...@googlegroups.com
No - the bit of PHP code around the bit that's calling recaptcha_check_answer().

--
You received this message because you are subscribed to the Google Groups "reCAPTCHA" group.
To post to this group, send email to reca...@googlegroups.com.
To unsubscribe from this group, send email to recaptcha+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/recaptcha?hl=en.




--
PJH


aldingerco

May 11, 2011, 12:28:10 PM
to reCAPTCHA
Here is the entire verify file code. Pardon my programming ignorance;
I just started looking at PHP a month ago. I am sending the email from
the verify file, is that a problem?


<?php
require_once('recaptchalib.php');
$privatekey = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";

// Ask the reCAPTCHA service whether the answer typed into the form is correct
$resp = recaptcha_check_answer ($privatekey,
                                $_SERVER["REMOTE_ADDR"],
                                $_REQUEST["recaptcha_challenge_field"],
                                $_REQUEST["recaptcha_response_field"]);

if (!$resp->is_valid) {
    // What happens when the CAPTCHA was entered incorrectly
    die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
         " (reCAPTCHA said: " . $resp->error . ")");
} else {
    // Your code here to handle a successful verification

    // Form fields as submitted by the browser
    $fname = $_POST['fname'];
    $company = $_POST['company'];
    $address = $_POST['address'];
    $city = $_POST['city'];
    $hstate = $_POST['hstate'];
    $zipcode = $_POST['zipcode'];
    $email = $_POST['email'];
    $phone = $_POST['phone'];
    $make = $_POST['make'];
    $model = $_POST['model'];
    $part = $_POST['part'];
    $qandc = $_POST['qandc'];

    //email start
    $to = "XXXX...@XXXXXXXXXX.com";
    $subject = "Parts Order Request from AldingerCo.com";

    // Build the HTML body of the notification mail
    $body = "<html>";
    $body .= "<body>";
    $body .= "<b>AldingerCo.com - Request For Parts</b><br><br>";
    $body .= 'The following person has requested to order parts from AldingerCo.com:<br><br>';
    $body .= "Name: " . $fname . "<br>";
    $body .= "Company: " . $company . "<br>";
    $body .= "Address: " . $address . "<br>";
    $body .= "City: " . $city . ", " . $hstate . " " . $zipcode . "<br><br>";
    $body .= "Email: " . $email . "<br>";
    $body .= "Phone: " . $phone . "<br>";
    $body .= "Make: " . $make . "<br>";
    $body .= "Model: " . $model . "<br>";
    $body .= "Part #: " . $part . "<br>";
    $body .= "<b>Short Description:</b><br>";
    $body .= $qandc . "<br><br>";
    //$body .= "Transaction ID: " . $transactionid . "<br>";
    $body .= "<br><br>";
    $body .= "</body>";
    $body .= "</html>";

    // Mail headers: sender, mailer, and the HTML content type (one header per line)
    $headers = "From: ser...@aldingerco.com\nX-Mailer: PHP 4.x\nMIME-Version: 1.0\nContent-Type: text/html; charset=iso-8859-1\n";
    if (mail($to, $subject, $body, $headers)) {
        header ("Location: Parts_Order_Thankyou.php");
        //header($header);
        //header ("Location: thankyou.php");
        exit; // stop here so nothing runs after the redirect
    } else {
        //$msg= "Please use the form below to add signatures to the Database.";
        $msg = "";
    }
}
?>


Thank you tremendously for looking at this by the way. I am outright
stumped.

PJH

May 11, 2011, 12:51:31 PM
to reca...@googlegroups.com
Unfortunately nothing in there is springing out as obviously wrong, however I do have some suggestions...

The first is to use $_POST, not $_REQUEST, in recaptcha_check_answer().
The second is to mail some debug to a separate (or even the same) address whenever a normal mail goes out. See if there's anything that shows up there.

If you post some (sanitized if necessary) debug mails from both spammers and non-spammers, it might point to where it's going wrong.



On Wed, May 11, 2011 at 5:28 PM, aldingerco <rde...@aldingerco.com> wrote:
Here is the entire verify file code. Pardon my programming ignorance;
I just started looking at PHP a month ago. I am sending the email from
the verify file, is that a problem?


<?php
require_once('recaptchalib.php');
$privatekey = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";

// Refuse anything that did not arrive from the form with both captcha fields filled in
if (!isset($_POST["recaptcha_challenge_field"]) || $_POST["recaptcha_challenge_field"] == '' ||
    !isset($_POST["recaptcha_response_field"]) || $_POST["recaptcha_response_field"] == '') {
    die("Didn't arrive here via form, or no captcha entered on the form");
}

/*
$resp = recaptcha_check_answer ($privatekey,
                                $_SERVER["REMOTE_ADDR"],
                                $_REQUEST["recaptcha_challenge_field"],
                                $_REQUEST["recaptcha_response_field"]);
*/

// Same call as before, but reading the captcha fields from $_POST only
$resp = recaptcha_check_answer ($privatekey,
                                $_SERVER["REMOTE_ADDR"],
                                $_POST["recaptcha_challenge_field"],
                                $_POST["recaptcha_response_field"]);

if (!$resp->is_valid) {
    // What happens when the CAPTCHA was entered incorrectly
    die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
         " (reCAPTCHA said: " . $resp->error . ")");
} else {
    // Your code here to handle a successful verification

    // Debug mail: dump the verification result and the raw POST data
    $transactionid = uniqid(); // or some other identifier
    $debug = "\$resp = ";
    $debug .= print_r($resp, true);
    $debug .= "\$_POST = ";
    $debug .= print_r($_POST, true);
    $to = "XXXX...@XXXXXXXXXX.com"; // change to another email address
    $subject = "Debug from submission $transactionid";
    $headers = "From: de...@aldingerco.com";
    mail($to, $subject, $debug, $headers);

    // ... the rest of the original verify file (building and sending the order mail) follows here
}
?>

--
--
PJH
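A hardened version of the verify script, as an added example that is not part of this thread, of aldingerco's site or of the reCAPTCHA library. It applies PJH's two suggestions (read the captcha fields from $_POST only, and mail a debug copy of every accepted submission) and adds the checks a reviewer would expect around them: refuse non-POST requests, fail closed unless is_valid is exactly true, escape every form value before it goes into the HTML mail, and stop executing after the redirect. It assumes recaptchalib.php from the reCAPTCHA PHP plugin (which provides recaptcha_check_answer() and a response object with is_valid and error); the private key and all e-mail addresses are placeholders.

```php
<?php
// Added example (not from the original thread): hardened verify handler.
// Assumes recaptchalib.php / recaptcha_check_answer() from the reCAPTCHA PHP
// plugin; key and addresses below are placeholders.
require_once 'recaptchalib.php';

$privatekey = 'PRIVATE-KEY-PLACEHOLDER';
$to         = 'orders@example.com';   // placeholder: where order mails go
$debugTo    = 'debug@example.com';    // placeholder: where debug copies go
$from       = 'server@example.com';   // placeholder: fixed sender, no user input

// 1. Only a real POST is accepted. GET parameters and cookies are never
//    consulted, so a request that merely carries the field names is refused.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('HTTP/1.1 405 Method Not Allowed');
    exit;
}

// 2. Both reCAPTCHA fields must be present and non-empty before calling out.
$challenge = isset($_POST['recaptcha_challenge_field']) ? $_POST['recaptcha_challenge_field'] : '';
$response  = isset($_POST['recaptcha_response_field'])  ? $_POST['recaptcha_response_field']  : '';
if ($challenge === '' || $response === '') {
    exit('No CAPTCHA answer was submitted with the form.');
}

$resp = recaptcha_check_answer($privatekey, $_SERVER['REMOTE_ADDR'], $challenge, $response);

// 3. Fail closed: anything other than an explicit true stops here.
if ($resp->is_valid !== true) {
    exit('The reCAPTCHA was not entered correctly ('
        . htmlspecialchars((string) $resp->error, ENT_QUOTES, 'UTF-8') . ').');
}

// 4. Collect the form fields, escaping each one so a submitted value cannot
//    inject markup into the HTML mail that staff open.
$labels = array('fname' => 'Name', 'company' => 'Company', 'address' => 'Address',
                'city' => 'City', 'hstate' => 'State', 'zipcode' => 'Zip',
                'email' => 'Email', 'phone' => 'Phone', 'make' => 'Make',
                'model' => 'Model', 'part' => 'Part #', 'qandc' => 'Short Description');
$body = "<html><body><b>Request For Parts</b><br><br>";
foreach ($labels as $field => $label) {
    $raw   = isset($_POST[$field]) ? (string) $_POST[$field] : '';
    $value = htmlspecialchars(trim($raw), ENT_QUOTES, 'UTF-8');
    $body .= $label . ': ' . $value . '<br>';
}
$body .= "</body></html>";

// Headers are fixed strings, so no user-controlled newline can add a header.
$headers = "From: $from\r\nMIME-Version: 1.0\r\nContent-Type: text/html; charset=UTF-8\r\n";
$sent    = mail($to, 'Parts Order Request', $body, $headers);

// 5. Debug copy (PJH's suggestion): verification result, remote address and
//    raw POST data, so spam and legitimate submissions can be compared.
$debug  = "REMOTE_ADDR = " . $_SERVER['REMOTE_ADDR'] . "\n";
$debug .= "resp = " . print_r($resp, true) . "\n";
$debug .= "POST = " . print_r($_POST, true) . "\n";
mail($debugTo, 'Debug for submission ' . uniqid(), $debug, "From: $from\r\n");

if ($sent) {
    header('Location: Parts_Order_Thankyou.php');
    exit; // nothing after the redirect should run
}
exit('The request could not be sent; please try again later.');
```

The debug copy is plain text and deliberately unescaped so it shows exactly what arrived; comparing the REMOTE_ADDR and the $resp dump of a spam mail against a genuine one is what tells you whether the spam ever passed through this script at all.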


PopSmith

May 11, 2011, 8:42:57 PM
to reCAPTCHA
On May 11, 9:54 am, aldingerco <rdet...@aldingerco.com> wrote:
> Having some bot issues, installed a reCAPTCHA with no luck in stopping
> the bots.

I know it's not bulletproof, but I suggest checking into BotScout and/or
Project Honeypot. Both of them are free and help prevent bot
registrations while having little impact on your users and server
resources. They essentially check what was put into the forum (email
address, username, etc.) against a database, and if they match then the
forum doesn't hit your database.

http://www.botscout.com/

http://www.projecthoneypot.org/
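A small client for the kind of check PopSmith describes, as an added example that is not from the thread or from Project Honeypot: it looks the submitting IP up in Project Honeypot's http:BL DNS list and decides whether to refuse the form. It assumes the http:BL query format, an A record for <access-key>.<reversed-ipv4>.dnsbl.httpbl.org answering 127.A.B.C (A = days since last activity, B = threat score, C = visitor-type bits, with 0 meaning a known search engine and 4 a comment spammer) and no record for unlisted addresses; HTTPBL_ACCESS_KEY is a placeholder for your own key, and the answers fed to the decoder at the bottom are constructed.

```php
<?php
// Added example (not from the thread or Project Honeypot). Assumes the http:BL
// query/answer format described in the lead-in; the key is a placeholder.
define('HTTPBL_ACCESS_KEY', 'abcdefghijkl');

const TYPE_SUSPICIOUS      = 1;
const TYPE_HARVESTER       = 2;
const TYPE_COMMENT_SPAMMER = 4;

/** Decode a 127.A.B.C http:BL answer into its fields; null if it is not a listing. */
function httpbl_decode($answer)
{
    $octets = explode('.', $answer);
    if (count($octets) !== 4 || $octets[0] !== '127') {
        return null;   // not listed (gethostbyname echoes the name back) or malformed
    }
    return array(
        'days_since_last' => (int) $octets[1],
        'threat_score'    => (int) $octets[2],
        'type'            => (int) $octets[3],
    );
}

/** Build the DNS name to query for one IPv4 address; null for anything else. */
function httpbl_query_name($ip, $key)
{
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return null;   // http:BL covers IPv4 only
    }
    return $key . '.' . implode('.', array_reverse(explode('.', $ip))) . '.dnsbl.httpbl.org';
}

/** Decide whether a decoded listing should block the submission. */
function httpbl_should_block(array $listing = null, $maxScore = 25, $maxAgeDays = 30)
{
    if ($listing === null) {
        return false;                          // not listed: let it through
    }
    if ($listing['type'] === 0) {
        return false;                          // type 0 = known search engine
    }
    if ($listing['days_since_last'] > $maxAgeDays) {
        return false;                          // stale listing, ignore it
    }
    return $listing['threat_score'] >= $maxScore
        || ($listing['type'] & TYPE_COMMENT_SPAMMER) !== 0;
}

/** Live lookup for a visitor IP; true means the form should be refused. */
function httpbl_check($ip)
{
    $name = httpbl_query_name($ip, HTTPBL_ACCESS_KEY);
    if ($name === null) {
        return false;
    }
    $answer = gethostbyname($name);            // returns $name unchanged when no record exists
    return httpbl_should_block(httpbl_decode($answer));
}

// Offline demonstration on constructed answers (no DNS traffic):
var_dump(httpbl_should_block(httpbl_decode('127.3.40.5')));    // recent, high score, comment-spammer bit set
var_dump(httpbl_should_block(httpbl_decode('127.0.0.0')));     // search-engine listing
var_dump(httpbl_should_block(httpbl_decode('127.90.10.1')));   // listing older than the age limit, low score
var_dump(httpbl_should_block(httpbl_decode('abcdefghijkl.1.0.0.127.dnsbl.httpbl.org'))); // no record: name echoed back

// In the verify script: if (httpbl_check($_SERVER['REMOTE_ADDR'])) { exit('Submission refused.'); }
```

The check is deliberately fail-open: a DNS timeout, an IPv6 visitor or an unlisted address all return false, so a contact form keeps working when the list is unreachable, and the reCAPTCHA check remains the gate that must actually pass. The score and age thresholds are the knobs to tune against the debug mails.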

فهد

May 11, 2011, 8:44:00 PM
to reca...@googlegroups.com
reCAPTCHA
Sent from my BlackBerry® wireless device from STC