Can't reproduce OchCaptcha 2.0.2 with Shack Forms allows tons of spam these days
- Petra Prochazkova
-
Onderwerp Auteur
- Offline
Minder
Lees meer
- Berichten: 2
- Ontvangen bedankjes 0
1 week 2 dagen geleden #3581
door Petra Prochazkova
OchCaptcha 2.0.2 with Shack Forms allows tons of spam these days werd gestart door Petra Prochazkova
Hi, I have ochcaptcha 2.0.2 at Joomla 5.4.6 with Shackforms 5.2.4. Ochcaptcha seems to be rendering when I test it by display ochcaptcha, but customer is reporting receiving tons of spam this week, so it is not working properly. Can you please check what might be wrong at
www.alcentrum.cz/cs/kontakt ?
I also tried to add specific form to the settings and disable entering links and set minimum words to 20 but it did not work, because it lets me send the message with 2 words...
I also tried to add specific form to the settings and disable entering links and set minimum words to 20 but it did not work, because it lets me send the message with 2 words...
Graag Inloggen deelnemen aan het gesprek.
- Ruud van Lent
-
- Offline
Minder
Lees meer
- Berichten: 1863
- Ontvangen bedankjes 123
1 week 2 dagen geleden #3582
door Ruud van Lent
Beantwoord door Ruud van Lent in topic OchCaptcha 2.0.2 with Shack Forms allows tons of spam these days
Hi Petra,
not able to follow that link: 403: Access Forbidden. Your location (NL) has been disallowed.
So that works
Is that something you can turn off or is it possible to add my IP to an allow list?
if not, can you provide me with the Shack Forms extension so I can try to reproduce it on a test site?
not able to follow that link: 403: Access Forbidden. Your location (NL) has been disallowed.
So that works
Is that something you can turn off or is it possible to add my IP to an allow list?
if not, can you provide me with the Shack Forms extension so I can try to reproduce it on a test site?
Graag Inloggen deelnemen aan het gesprek.
- Petra Prochazkova
-
Onderwerp Auteur
- Offline
Minder
Lees meer
- Berichten: 2
- Ontvangen bedankjes 0
1 week 2 dagen geleden #3583
door Petra Prochazkova
Beantwoord door Petra Prochazkova in topic OchCaptcha 2.0.2 with Shack Forms allows tons of spam these days
Hi Ruud, as a precaution I added blocked countries by RSfirewall before we resolve this. I'll open NL, hold on.
Graag Inloggen deelnemen aan het gesprek.
- Ruud van Lent
-
- Offline
Minder
Lees meer
- Berichten: 1863
- Ontvangen bedankjes 123
1 week 2 dagen geleden #3584
door Ruud van Lent
Beantwoord door Ruud van Lent in topic OchCaptcha 2.0.2 with Shack Forms allows tons of spam these days
Hi, currently offline (evening here) I can check tomorrow morning, is that okay?
Graag Inloggen deelnemen aan het gesprek.
- Ruud van Lent
-
- Offline
Minder
Lees meer
- Berichten: 1863
- Ontvangen bedankjes 123
1 week 1 dag geleden #3585
door Ruud van Lent
Beantwoord door Ruud van Lent in topic OchCaptcha 2.0.2 with Shack Forms allows tons of spam these days
Good morning Petra,
just checked the contact form. It sets the captcha field correct, it also fetches the required token and sets that on the form: so that is all working.
the actual validation of the captcha is done in the back-end (so the form is submitted to the server and there the check is done if all fields are valid, including if the captcha is correct).
This I cannot trouble shoot, as that requires submitting a form and then displaying debug information to determine what is actually received, and how that is handled. This is not something I can do on a production site.
Do you have a test site available that I can temporarily 'break'? or is it possible to get an akeeba backup that I can temporarily restore to my local server? or do you have the ShackForm extension for me so I can install that on my dev server and see if i can reproduce?
just checked the contact form. It sets the captcha field correct, it also fetches the required token and sets that on the form: so that is all working.
the actual validation of the captcha is done in the back-end (so the form is submitted to the server and there the check is done if all fields are valid, including if the captcha is correct).
This I cannot trouble shoot, as that requires submitting a form and then displaying debug information to determine what is actually received, and how that is handled. This is not something I can do on a production site.
Do you have a test site available that I can temporarily 'break'? or is it possible to get an akeeba backup that I can temporarily restore to my local server? or do you have the ShackForm extension for me so I can install that on my dev server and see if i can reproduce?
Graag Inloggen deelnemen aan het gesprek.
- Ruud van Lent
-
- Offline
Minder
Lees meer
- Berichten: 1863
- Ontvangen bedankjes 123
1 week 14 uren geleden #3586
door Ruud van Lent
Beantwoord door Ruud van Lent in topic OchCaptcha 2.0.2 with Shack Forms allows tons of spam these days
Hi Petra,
thanks for providing the Shack Form extension.
I have installed this on a clean J5 and J6 site and implemented ochCaptcha as captcha provider.
unfortunately I was not able to reproduce as every spam I tried was 'blocked' by ochCaptcha.
can you check the following
1. Global config: captcha provider = ochCaptcha
2. ochCaptcha config:
3. tab [submit protection] add a 'protected form' > Identifier = pwebcontact* , Minimum time = 15
4. tab [content protection] add a 'protected form' > Identifier = pwebcontact* , Form Field = fields[zprava] , Minimum words = 5 , Allowed Links = no
5. tab [plugin] display captcha and verbose captcha = yes
Now when going to the contact form the captcha will display and needs 15 seconds (as configured) try to fill in the form before it is complete and submit > this should give error and not email
When captcha 15 seconds is over you should see the verbose information: fields[zprava] should be bold and have minimum words 5 and links = no
try to fill in the form with 4 words in the zprava field and submit, you should get an error (to few words) and no email
If you get these errors, then the captcha works and prevent the form from being submitted
can you give that a test?
thanks for providing the Shack Form extension.
I have installed this on a clean J5 and J6 site and implemented ochCaptcha as captcha provider.
unfortunately I was not able to reproduce as every spam I tried was 'blocked' by ochCaptcha.
can you check the following
1. Global config: captcha provider = ochCaptcha
2. ochCaptcha config:
3. tab [submit protection] add a 'protected form' > Identifier = pwebcontact* , Minimum time = 15
4. tab [content protection] add a 'protected form' > Identifier = pwebcontact* , Form Field = fields[zprava] , Minimum words = 5 , Allowed Links = no
5. tab [plugin] display captcha and verbose captcha = yes
Now when going to the contact form the captcha will display and needs 15 seconds (as configured) try to fill in the form before it is complete and submit > this should give error and not email
When captcha 15 seconds is over you should see the verbose information: fields[zprava] should be bold and have minimum words 5 and links = no
try to fill in the form with 4 words in the zprava field and submit, you should get an error (to few words) and no email
If you get these errors, then the captcha works and prevent the form from being submitted
can you give that a test?
Graag Inloggen deelnemen aan het gesprek.