Announcement

Collapse
No announcement yet.

Modules and ReCaptcha 3

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Modules and ReCaptcha 3

    I have a custom module that processes a form. Unfortunately, this form is being used in attacks. The attacks are mostly harmless where the result is lots of useless data is inserted into the tables. I am told that the configurable options in ReCaptcha 3 to filter/screen this form are NOT working. What would the steps be to troubleshoot the form's ReCaptcha config or to make ReCaptcha work where the form processing is handled in the module?

    Thanks,

    Scott
    Need to offer Shipping Insurance?
    Interactive Design Solutions https://www.myids.net
    MivaMerchant Business Partner | Certified MivaMerchant Web Developer
    Competitive Rates, Custom Modules and Integrations, Store Integration
    AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
    My T-shirt Collection is mostly MivaCon T-shirts!!

    #2
    Are you using the miva recaptcha moduel? If so, will you screenshot and post your form settings?

    As an aside, I was able to completely stop bot/spam attacks completely on contact forms on a couple of sites by replacing all links to the contact page with form submit buttons that are styled to look like links. The form sends a hidden variable that I check for on the contact page. If it's not there I put up a little message saying to call for direct support or whatever the store admin wants. So far this hack has worked 100% for several months now.
    M.A.D.* since 1997

    http://www.scotsscripts.com

    *miva application developers

    Comment


      #3
      ids Is the form that is being submitted rendered on the page?

      Under normal circumstances, this is the flow of the reCAPTCHA functionality:
      - User view the page.
      - Page loads and the reCAPTCHA JS finds the form data configured in the reCAPTCHA settings.
      - If found, it hooks the submit (overwrites it so it can make its own request and then trigger the submit).
      - User triggers a form submit.
      - reCAPTCHA blocks the submit, triggers the reCAPTCHA response token generation, receives the token, inserts the token in the form as a hidden input and then triggers the original submit.

      I have seen issues when stores have a lightbox that generates the form or if the form is using JavaScript to submit the form.

      Nicholas Adkins
      Technical Training Specialist / Miva, Inc.
      [email protected]
      https://www.miva.com/mivalearn

      Comment


        #4
        Thanks Nick. I'm thinking I'd need to reconfigure the set up a bit in this specific scenario.

        I don't recall seeing the actual JS. What's the mechanism for the ReCaptcha JS to be included on the page? Is it a component Item style call? I haven't had a chance to look at this detail yet.

        Thanks,

        Scott

        Need to offer Shipping Insurance?
        Interactive Design Solutions https://www.myids.net
        MivaMerchant Business Partner | Certified MivaMerchant Web Developer
        Competitive Rates, Custom Modules and Integrations, Store Integration
        AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
        My T-shirt Collection is mostly MivaCon T-shirts!!

        Comment


          #5
          Originally posted by Scot - ScotsScripts.com View Post
          Are you using the miva recaptcha moduel? If so, will you screenshot and post your form settings?

          As an aside, I was able to completely stop bot/spam attacks completely on contact forms on a couple of sites by replacing all links to the contact page with form submit buttons that are styled to look like links. The form sends a hidden variable that I check for on the contact page. If it's not there I put up a little message saying to call for direct support or whatever the store admin wants. So far this hack has worked 100% for several months now.
          Thanks Scot.

          This particular store doesn't have any version of a Honey Pot to help filter malicious form submissions. I'll see what I can do there.

          Scott
          Need to offer Shipping Insurance?
          Interactive Design Solutions https://www.myids.net
          MivaMerchant Business Partner | Certified MivaMerchant Web Developer
          Competitive Rates, Custom Modules and Integrations, Store Integration
          AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
          My T-shirt Collection is mostly MivaCon T-shirts!!

          Comment


            #6
            ids When you install the module a JS resource is added to the store. The resource is added to the modules resource group. So when the <mvt:item name="head" param="modules" /> is added to the template the JS resource will render.
            Nicholas Adkins
            Technical Training Specialist / Miva, Inc.
            [email protected]
            https://www.miva.com/mivalearn

            Comment


              #7
              Thanks Nick.
              Need to offer Shipping Insurance?
              Interactive Design Solutions https://www.myids.net
              MivaMerchant Business Partner | Certified MivaMerchant Web Developer
              Competitive Rates, Custom Modules and Integrations, Store Integration
              AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
              My T-shirt Collection is mostly MivaCon T-shirts!!

              Comment

              Working...
              X