Re-Captcha Upgrade?

afink01 · August 28, 2020, 9:32pm

I had setup my website using CE3. However, my contact page, which used Google Captcha, began getting hacked by spam messages. I ultimately upgraded the website to Backlight III to take avail of re-Captcha which was said to be more secure than Captcha. I now find that I am beginning to get spam messages again seemingly from Russian bots (email addresses all end in *.ru). Is there a way to upgrade the re-Captcha or otherwise enhance security on my contact page?

Thanks

Aaron

Ben · August 28, 2020, 10:13pm

Hi Aaron, Backlight 3 provides support for reCAPTCHA v2 and v3. The approach to tightening security depends on which one you’re using. Are you using v2 or v3?

v2 provides the ‘I am not a robot’ box. v3 doesn’t interrogate the user, but instead provides a spam score.

afink01 · August 28, 2020, 11:18pm

Ben:

Thanks for the info which is exactly what I was looking for. My version still asks whether the sender is a robot. Assuming v3 is more secure, I would definitely like to upgrade; can you advise how to do this?

Thanks again

rod_barbee · August 28, 2020, 11:29pm

Ben · August 29, 2020, 2:03am

v3 isn’t necessarily better at spam protection than v3. They’re different approaches. For v2 you can set the level of protection in your Google account. Have you tried changing settings there?

afink01 · August 29, 2020, 2:28am

No, I haven’t but I will revisit both changing settings for v2 or moving on to v3 now that I realize that the latter is also an option. Thanks so much for the help; hope all are well!

Aaron

afink01 · August 29, 2020, 12:08pm

Ben/Rod: I have re-set the security level on my v2 reCaptcha to maximum. If this doesn’t help, I’ll reach out again if needed to switch to v3. Thanks again for your help.

Aaron

afink01 · December 27, 2020, 8:14pm

Ben/Rod: I’ve had a sudden increase in spam messages via the contact page. Since they come from website to my website-associated email, I don’t want to block the “sender’s” address. Probably a good time to change to re-captcha v3. Can you advise how to do so?

Thanks

Aaron

afink01 · December 27, 2020, 8:17pm

Ben/Rod: I figured out how to change to v3. My understanding is that this will provide a spam score. Is there a way to screen the messages by the level of the score?

Thanks

Aaron

afink01 · December 27, 2020, 8:31pm

Ben/Rod:

Looks like I spoke too soon. I found the drop-down on my Backlight admin page that allowed me to select re-captcha v3 instead of v2; I enabled the former. I sent myself a test email and it never arrived. I went to the Google re-captcha page for my site and it still specifies v2. Looks like I still need some help. Thanks

Aaron

Daniel · December 28, 2020, 2:45am

Did you check https://backlight.me/docs/google-recaptcha#about-recaptcha-v3?

afink01 · December 28, 2020, 3:34pm

Daniel:

Thanks for the reply with the link. The linked article only says to “configure your desired version of reCAPTHA for each website on which you intend to use it”. Obviously, I had an existing entry for my website that specified v2 re-CAPTHA.
Since I couldn’t figure out a way to change it to v3. I went ahead and created another entry for my (the same) website specifying v3.

I had previously changed the dropdown in the backlight admin console from “v2 enabled” to “v3 enabled”. Unfortunately, when I test the message function on the website, I am still unable to generate a message to my email.

Do I need to delete the entry for v2 re-CAPTHA on the Google re-CAPTHA admin console in order to make things work?

Thanks again

Aaron

afink01 · December 28, 2020, 4:09pm

Daniel:

I looked more closely at my settings on the Backlight admin console and noted that while there is a site and secret key there for v2, there’s nothing entered for v3. I suspect this is contributing to my problem. I was unsure how to deal with this issue…i.e. do I need to generate new keys or can I use the same ones? In addition, I can’t remember how to insert them into the appropriate places in the Backlight admin console. Can you help?

Thanks

Aaron

rod_barbee · December 28, 2020, 4:38pm

Be sure to first click on the Edit Settings button. You’ll then have access to the fields:

afink01 · December 28, 2020, 5:57pm

Ahh…I’ll give that a go. Do you know if I can use the same keys?

Thanks … and happy new year!

Aaron

rod_barbee · December 28, 2020, 8:05pm

This doc: https://backlight.me/docs/google-recaptcha/#about-recaptcha-v3
implies you need a different key for each version

afink01 · December 28, 2020, 8:15pm

Thanks Rod. I’ll try that and see if I can get it to work. If I can, yet still continue to get the spam emails, is it possible to switch back to v2 but change the interface so instead of the simple “I am not a robot” checkbox, the test uses the different sized figures?

Thanks

Aaron

rod_barbee · December 28, 2020, 9:27pm

You can use v2 instead if v3 doesn’t work, but I don’t know about the rest. That’s probably a question for Google.

Matthew · December 28, 2020, 9:49pm

Backlight only handles the keys, and you can decide which reCaptcha type to use for each form. You need to setup your desired reCaptcha settings in your Google account, with whatever options they provide for you.

For v3, please note the two-minute timeout. From our docs:

It’s convenient, but also includes a two-minute timeout. If your form may take longer than two minutes to complete – such as writing a message in a contact form – then reCAPTCHA v3 may not be suitable for your form.

afink01 · December 28, 2020, 10:20pm

Matt: Good to hear from you. I appreciate your comment. I couldn’t find any options offered on the Google account page other than the checkbox. If we get to that point, I’ll try to research further.

Happy New Year to all!!

Aaron