Can't reproduce OchCaptcha 2.0.2 with Shack Forms allows tons of spam these days

Hi, I have ochcaptcha 2.0.2 at Joomla 5.4.6 with Shackforms 5.2.4. Ochcaptcha seems to be rendering when I test it by display ochcaptcha, but customer is reporting receiving tons of spam this week, so it is not working properly. Can you please check what might be wrong at  www.alcentrum.cz/cs/kontakt ?

I also tried to add specific form to the settings and disable entering links and set minimum words to 20 but it did not work, because it lets me send the message with 2 words...

Hi Petra,

not able to follow that link: 403: Access Forbidden. Your location (NL) has been disallowed.

So that works

Is that something you can turn off or is it possible to add my IP to an allow list?

if not, can you provide me with the Shack Forms extension so I can try to reproduce it on a test site?

Hi Ruud, as a precaution I added blocked countries by RSfirewall before we resolve this. I'll open NL, hold on.

Hi, currently offline (evening here) I can check tomorrow morning, is that okay?

Good morning Petra,
just checked the contact form. It sets the captcha field correct, it also fetches the required token and sets that on the form: so that is all working.
the actual validation of the captcha is done in the back-end (so the form is submitted to the server and there the check is done if all fields are valid, including if the captcha is correct).

This I cannot trouble shoot, as that requires submitting a form and then displaying debug information to determine what is actually received, and how that is handled. This is not something I can do on a production site.

Do you have a test site available that I can temporarily 'break'? or is it possible to get an akeeba backup that I can temporarily restore to my local server? or do you have the ShackForm extension for me so I can install that on my dev server and see if i can reproduce?

Hi Petra,
thanks for providing the Shack Form extension.
I have installed this on a clean J5 and J6 site and implemented ochCaptcha as captcha provider.
unfortunately I was not able to reproduce as every spam I tried was 'blocked' by ochCaptcha.

can you check the following
1. Global config: captcha provider = ochCaptcha
2. ochCaptcha config:
3. tab [submit protection] add a 'protected form' > Identifier = pwebcontact* , Minimum time = 15
4. tab [content protection] add a 'protected form' > Identifier = pwebcontact* , Form Field = fields[zprava] , Minimum words = 5 , Allowed Links = no
5. tab [plugin] display captcha and verbose captcha = yes

Now when going to the contact form the captcha will display and needs 15 seconds (as configured) try to fill in the form before it is complete and submit > this should give error and not email
When captcha 15 seconds is over you should see the verbose information: fields[zprava] should be bold and have minimum words 5 and links = no
try to fill in the form with 4 words in the zprava field and submit, you should get an error (to few words) and no email

If you get these errors, then the captcha works and prevent the form from being submitted

can you give that a test?