I had setup my website using CE3. However, my contact page, which used Google Captcha, began getting hacked by spam messages. I ultimately upgraded the website to Backlight III to take avail of re-Captcha which was said to be more secure than Captcha. I now find that I am beginning to get spam messages again seemingly from Russian bots (email addresses all end in *.ru). Is there a way to upgrade the re-Captcha or otherwise enhance security on my contact page?

Thanks

Aaron

Hi Aaron, Backlight 3 provides support for reCAPTCHA v2 and v3. The approach to tightening security depends on which one you’re using. Are you using v2 or v3?

v2 provides the ‘I am not a robot’ box. v3 doesn’t interrogate the user, but instead provides a spam score.

Ben:

Thanks for the info which is exactly what I was looking for. My version still asks whether the sender is a robot. Assuming v3 is more secure, I would definitely like to upgrade; can you advise how to do this?

Thanks again

v3 isn’t necessarily better at spam protection than v3. They’re different approaches. For v2 you can set the level of protection in your Google account. Have you tried changing settings there?

No, I haven’t but I will revisit both changing settings for v2 or moving on to v3 now that I realize that the latter is also an option. Thanks so much for the help; hope all are well!

Aaron

Ben/Rod: I have re-set the security level on my v2 reCaptcha to maximum. If this doesn’t help, I’ll reach out again if needed to switch to v3. Thanks again for your help.

Aaron

Ben/Rod: I’ve had a sudden increase in spam messages via the contact page. Since they come from website to my website-associated email, I don’t want to block the “sender’s” address. Probably a good time to change to re-captcha v3. Can you advise how to do so?

Thanks

Aaron

Ben/Rod: I figured out how to change to v3. My understanding is that this will provide a spam score. Is there a way to screen the messages by the level of the score?

Thanks

Aaron

Ben/Rod:

Looks like I spoke too soon. I found the drop-down on my Backlight admin page that allowed me to select re-captcha v3 instead of v2; I enabled the former. I sent myself a test email and it never arrived. I went to the Google re-captcha page for my site and it still specifies v2. Looks like I still need some help. Thanks

Aaron

Did you check https://backlight.me/docs/google-recaptcha#about-recaptcha-v3?

Daniel:

Thanks for the reply with the link. The linked article only says to “configure your desired version of reCAPTHA for each website on which you intend to use it”. Obviously, I had an existing entry for my website that specified v2 re-CAPTHA.
Since I couldn’t figure out a way to change it to v3. I went ahead and created another entry for my (the same) website specifying v3.

I had previously changed the dropdown in the backlight admin console from “v2 enabled” to “v3 enabled”. Unfortunately, when I test the message function on the website, I am still unable to generate a message to my email.

Do I need to delete the entry for v2 re-CAPTHA on the Google re-CAPTHA admin console in order to make things work?

Thanks again

Aaron

Daniel:

I looked more closely at my settings on the Backlight admin console and noted that while there is a site and secret key there for v2, there’s nothing entered for v3. I suspect this is contributing to my problem. I was unsure how to deal with this issue…i.e. do I need to generate new keys or can I use the same ones? In addition, I can’t remember how to insert them into the appropriate places in the Backlight admin console. Can you help?

Thanks

Aaron

Be sure to first click on the Edit Settings button. You’ll then have access to the fields:

image857×483 22.5 KB

Ahh…I’ll give that a go. Do you know if I can use the same keys?

Thanks … and happy new year!

Aaron

This doc: https://backlight.me/docs/google-recaptcha/#about-recaptcha-v3
implies you need a different key for each version

Thanks Rod. I’ll try that and see if I can get it to work. If I can, yet still continue to get the spam emails, is it possible to switch back to v2 but change the interface so instead of the simple “I am not a robot” checkbox, the test uses the different sized figures?

Thanks

Aaron

You can use v2 instead if v3 doesn’t work, but I don’t know about the rest. That’s probably a question for Google.

Backlight only handles the keys, and you can decide which reCaptcha type to use for each form. You need to setup your desired reCaptcha settings in your Google account, with whatever options they provide for you.

For v3, please note the two-minute timeout. From our docs:

It’s convenient, but also includes a two-minute timeout. If your form may take longer than two minutes to complete – such as writing a message in a contact form – then reCAPTCHA v3 may not be suitable for your form.

Matt: Good to hear from you. I appreciate your comment. I couldn’t find any options offered on the Google account page other than the checkbox. If we get to that point, I’ll try to research further.

Happy New Year to all!!

Aaron