Contrib.social

Currently Getting a lot of spam with Webforms

Open on Drupal.org β†’
Created on 5 March 2024, 4 months ago
Updated 13 March 2024, 4 months ago

Problem/Motivation

We are currently using reCaptcha v3 on webforms, and currently getting a lot of spam. And they clearly spam submissions. I've exhausted my ability to debug this at the moment and wondering if anyone has thoughts or other options to think through. Thanks.

I've followed the directions here for setting this up.
https://www.drupal.org/docs/contributed-modules/recaptcha-v3/installatio... β†’

When I look at the recaptcha admin in google, I am seeing a lot of submissions, but almost all or at 0.9. Which doesn't seem correct, we should have much more in the failed side of things than accepted.

I'm also seeing this notice in the admin:

We detected that your site is not verifying reCAPTCHA tokens. Please see our developer site for more information.

At first, I was thinking this was probably just cause the module is doing something specific and its a warning and not an error. But now I'm thinking it might be a bigger issue. Looking at the documentation though, as far as I understand, changing anything for that would be module code. Nothing I can do configuring the site.

I have an action setup with a threshold of 0.7. And I have a webform element which uses that action.

I can provide anymore details if necessary. Thanks again for any thoughts.

πŸ’¬ Support request
Status

Closed: works as designed

Version

2.0

Component

Miscellaneous

Created by

πŸ‡ΊπŸ‡ΈUnited States pingevt

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @pingevt
  • Comment 4 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States pingevt
  • Status changed to Closed: works as designed 4 months ago
  • Comment 4 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States pingevt

    Just closing the loop on this... I debugged this a lot further. The module and reCAPTCHA v3 is working as designed. It's just terrible at catching spam. I didn't realize this, but reCAPTCHA, doesn't actually look at form submissions, so the "clearly spam" submissions aren't being looked at from that perspective. I'm assuming the bot or whatever was smart enough to spoof reCAPTCHA. I did notice in the submissions, it switched IP after 2 submissions.

    Anyways, for others reference, switched to Honeypot... that seems to be catching everything at the moment. I haven't used it in years, but seems like a great option.. maybe even in conjunction with reCAPTCHA v2 or something...

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024