Noob Question on ReCaptcha

Creative Contact Form is a responsive jQuery contact form with amazing visual effects. You will be surprised by count of all the possible features!
Sat Nov 25, 2017 1:29 am

  • I am using the Business edition of the Creative Contact Form.

    I-am-not-a-robot.PNG
    screenshot
    I-am-not-a-robot.PNG (23.97 KiB) Viewed 131 times


    I pasted the keys I got from Google into the Site Key and Server Key fields and when I test the form by checking the box next to I am not a robot the form is sent successfully. If I do not check the box, the form will not send. My question is how exactly do I know if the "I am not a robot." ReCaptcha is actually working? What I mean is, couldn't a bot be programmed to look for this form and check it?

    I read through the documentation Google mentioned adding
    Code: Select all
    <script src='https://www.google.com/recaptcha/api.js'></script>
    before the closing </head> tag on your HTML template and then adding
    Code: Select all
    <div class="g-recaptcha" data-sitekey="xxxxxxxxxxxxxxxxxxxx"></div>
    at the end of the <form> where you want the reCAPTCHA widget to appear. Are these snippets automatically added when we enter the keys in the field parameters?

    Google goes on to say that set 2 is Server Side Integration and that when my users submit the form where I integrated reCAPTCHA, I will get as part of the payload a string with the name "g-recaptcha-response". In order to check whether Google has verified that user, send a POST request with these parameters:
    URL: https://www.google.com/recaptcha/api/siteverify

    secret (required) xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    response (required) The value of 'g-recaptcha-response'.
    remoteip The end user's ip address.

    Where do I find this string and how to I send a POST request to the siteverify URL?

    I hope this post is clear. Thank you.
    johnniendorf
     
    Posts: 2
    Joined: Sat Nov 25, 2017 12:43 am

Tue Nov 28, 2017 11:44 pm

  • Dear Customer

    This is very interesting question. Thank you.
    Recaptcha is supposed to be the most advanced security system identifying bots/robots.
    When it suspects that a user is not human, it gives additional objectives such as: 9 photos are being displayed and it says mark all the shops in photos. Bots usually fail to mark them...

    However we must remember that recaptcha has been made by human beings and it has some vulnerabilities. For example watch this video https://www.youtube.com/watch?v=I5mHY0UpAMg

    Nowadays spamming via contact forms is not spread that much, because most forms are used just to receive simple text not an attachment. So you don't have to worry about it. Even if you have enabled attachments that user can send you some files, remove the availability of sending executable files and compressed folders which can contain executable files.

    Hope this helps.
    Stay safe! ;)


    Thanks
    Best Regards
    Levon

    CreativeSolutions
    User avatar
    Levon
     
    Posts: 475
    Joined: Fri Jul 01, 2016 8:05 pm



Return to Creative Contact Form




Information
  • Who is online
  • Users browsing this forum: No registered users and 3 guests