Recaptcha still allowing spam

[Zack McCartney]

Hi all,

I recently installed recaptcha on a client's site, but am having some immediate issues. I'm still receiving spam submissions from the forms on which I installed the captcha (at least 15-20 / day)

Does anyone know why this might be?

I can provide additional info if there are no usual things to doublecheck before investigating in-depth.

One thing I noticed; in my recaptcha admin, no usage stats are showing up. The admin says usage is below the limit for displaying, so I figure this might be fine, but wanted to confirm: at what point should I start seeing stats in the admin?

Thanks!

Zack

[hl...@ca.ibm.com]

Hi,

I'm using v2 of the invisible reCaptcha on our site and our automated tests using nightwatch are still able to submit the form successfully 90% of the time. It doesn't seem to be very effective at stopping spam. Have you heard anything more regarding this? Is there a way to bring this up with the reCaptcha team?

Hilton

[Zack McCartney]

Hi Hilton,

Sorry for my delayed response.

I think I was experiencing the same issue you and your team are facing and resolved it: your automated suites are able to submit the form because they're interacting with it headlessly, I'm guessing. As in, they can hit the form without the recaptcha ever loading and blocking them. The recaptcha blocks people, on the front-end at least, only if it loads on the page (I might be technically off here, a senior person at my work explained this to me a while back; sorry!)

Anyway, the solution, the one that worked for me anyway, was to add an additional check to my back-end validation (at least, that's what I did).

Concretely, this meant wrapping the standard validation check (the if (isset  statement here: https://github.com/google/recaptcha/blob/master/examples/example-captcha.php#L71 ) , with an additional check to verify that the recaptcha field actually exists in the form's list of fields (e.g. if(array_key_exists('recaptcha' ). 

If it doesn't, then you know someone's hitting your form headlessly or otherwise circumventing the recaptcha's frontend and you can throw a validation error. In your case, this "person" is your test suite. In my case, it was spammers. Either way, this check can prevent those bunk submissions of the form.

Hope that helps! My bad if wrong.

--
You received this message because you are subscribed to a topic in the Google Groups "reCAPTCHA" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/recaptcha/N8eE5IzIKS8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to recaptcha+...@googlegroups.com.
To post to this group, send email to reca...@googlegroups.com.
Visit this group at https://groups.google.com/group/recaptcha.
For more options, visit https://groups.google.com/d/optout.

[sh...@smbcreativegroup.com]

Hi Zack or Hilton,

Has there been any feedback since you've had this problem with V2?

Can you confirm if this suggestion below has helped?

Dave