ReCAPTCHA gets bypassed

Resolved rubinstein
(@rubinstein)

6 years, 1 month ago

Hi,

I’m using Google ReCAPTCHA version 2 with Formidable. It’s fully functional, it gets displayed, etc.

But I still get spam submissions that somehow bypass the ReCAPTCHA. And the thing is: I don’t see passed requests for a lot of contact form spam submissions.

For example, I didn’t see any passed request in Google’s ReCAPTCHA console for this successful spam submission:

84.17.48.194 – – [01/May/2020:09:50:51 -0500] “GET / HTTP/1.0” 301 706 “https://example.com/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36”
84.17.48.194 – – [01/May/2020:09:50:52 -0500] “GET / HTTP/1.0” 200 38141 “https://www.example.com/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36”
84.17.48.194 – – [01/May/2020:09:50:53 -0500] “GET /contact/ HTTP/1.0” 200 35685 “https://www.example.com/contact/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36”
84.17.48.194 – – [01/May/2020:09:50:54 -0500] “POST /contact/ HTTP/1.0” 200 37116 “https://www.example.com/contact/” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36”

It’s automated spam, there’s only 1 second between getting the contact page and submitting the form.

To me, it looks like somehow they found out how to directly use Formidable’s form, bypassing the ReCAPTCHA. Maybe it’s a bug in Formidable?

Is there anything I can do to further debug this?

Thanks

Viewing 6 replies - 1 through 6 (of 6 total)

Plugin Support Njones35
(@njones35)

6 years, 1 month ago

Hi there,

Thanks for reaching out to us. I am happy to help.

We’ve not had any other reports of reCaptcha being bypassed, so it would be helpful to test to see if anything on your site is interfering with Formidable and causing the issue.

Could you please go through the following steps?
https://formidableforms.com/knowledgebase/what-plugins-are-known-to-cause-conflicts/#kb-how-to-find-a-conflict

If the issue doesn’t show up under these circumstances, you can add each item back in, one at a time, and test after adding each one until you find the culprit.

If you still have the same issue even under default conditions could you please open a ticket in our helpdesk – you should get much faster responses here: https://formidableforms.com/new-topic/

Thread Starter rubinstein
(@rubinstein)

6 years, 1 month ago

Hi @njones35,

Thanks for replying.

After reading your reply I have the hunch that it could be the CleanTalk plugin that’s causing this behavior. I don’t get any spam because of this plugin, but it might be bypassing the ReCAPTCHA in some cases – leading to an entry in their database that I still have to check from time to time, so it would be nice to limit that with a working ReCAPTCHA. So maybe CleanTalk’s integration with Formidable is a bit buggy.

I will do some tests and will follow up with you.

Plugin Support Njones35
(@njones35)

6 years, 1 month ago

Hi @rubinstein,

We don’t have any official integration with CleanTalk – our reCaptcha integration does not require any additional plugins.

Thread Starter rubinstein
(@rubinstein)

6 years, 1 month ago

Hi @njones35,

I meant to say that CleanTalk integrates with Formidable, so it’s their code. They have a special compatibility code AFAIK.

Thank you

Plugin Support Njones35
(@njones35)

6 years, 1 month ago

Thanks for letting me know.

If you do manage to isolate Cleantalk as the cause of your issues, could you please open a ticket with their support team about this?

Thread Starter rubinstein
(@rubinstein)

6 years, 1 month ago

Yes, that’s the plan if I can isolate it’s their plugin.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘ReCAPTCHA gets bypassed’ is closed to new replies.