umbrellax2 wrote:spammers are sending AUTOMATED emails through my Joomla 3.8 sites using a form captcha doesn't seem to work on.
I do not believe you. I believe the code. Facts are facts. If the Google reCaptcha is set up correctly then the form cannot be used to spam.
umbrellax2 wrote:Clients are complaining (and asking, "Why don't we switch to Wordpress?"), so I'm just trying to fix the problem.
Your problem not Joomla's.
umbrellax2 wrote:At my host, InMotion Hosting, advanced support has resorted to using htaccess to block certain links which don't even exist in our pathing structure(!)
Yes, pathetic webhosts like to do pathetic things.
umbrellax2 wrote:Since I have about 80 active sites, rewriting htaccess every time we find this happening seems clumsy and heavy handed to me.
Then CORRECTLY set up your sites with Google reCaptcha version 2.x
umbrellax2 wrote:So, back to a solution. Any other ideas anyone?
So have you stopped blaming Joomla for being vulnerable?
If you can PROVE that you have set up Google Recaptcha v2 correctly in your Joomla site, and you can PROVE that spammers are submitting that form, and passing the captcha, then I would be interested. However. I have investigated several of these today across many webhosts and many sites, and the traffic is all the same, and the solution, - well you dont like it, but is to set up the CAPTCHA correctly. As soon as that is done the traffic continues, but the form submissions are abandoned as they do not pass validation. I have repeated this on many sites on many servers globally in the last 24 hours. Facts.