Advertisement

Using invisible reCAPTCHA

General questions relating to Joomla! 5.x.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting.
Forum Post Assistant - If you are serious about wanting help, you should use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10
Post Reply
omroepmuseum
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Mon Mar 20, 2023 2:59 pm

Using invisible reCAPTCHA

Post by omroepmuseum » Thu Jun 20, 2024 9:04 pm

Our website runs Joomla 5.1.0 and we use invisible reCAPTCHA for a user form. In the Joomla! Project plugin "CAPTCHA - invisible reCAPTCHA" version 3.8, I introduced the proper Google reCAPTCHA v3 codes. And everything seemed to work fine. During the second half of may, numerous "attacks" on our user form happened. I could see that, using the Google reCAPTCHA graphical visualisation of the attacks. There I saw numerous "attacks" having scores of 0,1 (this points to high risk users of the form). BUT, these "attacks" were NOT stopped by reCAPTCHA! So we ended up with numerous junk mails. I tried to see where I misconfigured the plugin or where I could set a threshold for the score (e.g. 0,5), but I didn't find it.
So I turned to a third-party plugin, the SharkyKZ plugin "Captcha - reCAPTCHA v3" version 1.1.1. In this plugin a threshold value for the score can be added. I added 0,5.
And a couple of days ago, we again had two "attacks". And this time, both of them were stopped by reCAPTCHA.
So I came to the conclusion that the default Joomla! Project plugin "CAPTCHA - invisible reCAPTCHA" version 3.8 DOES NOT DO THE JOB! Or am I not using it properly?

Kind greetings, Hendrik

Advertisement
mtgg
Joomla! Intern
Joomla! Intern
Posts: 55
Joined: Thu Apr 04, 2024 11:17 pm

Re: Using invisible reCAPTCHA

Post by mtgg » Thu Jun 20, 2024 9:11 pm

Google reCAPTCHA is a preventation but it is not a cure. CAPTCHA software, (i.e. CAPTCHA plugins, by themselves) cannot completely eradicate internet spam; they never have and they never will and no-one can claim that they are 100% effective. Google reCAPTCHA is pretty good; it's not perfect.

If someone wants to spam a website they will spam a website. If someone wants to send you spam emails, text messages, etc. they will. It's something we all just have to live with. Some websites seem to attract more spam than others just as some people seem to attract attention from spammers.

omroepmuseum
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Mon Mar 20, 2023 2:59 pm

Re: Using invisible reCAPTCHA

Post by omroepmuseum » Fri Jun 21, 2024 7:42 pm

Dear mtgg, you obviously haven't read my post very well. It says that Google reCAPTCHA v3 clearly has indicated lots of "attacks" as spam by giving them a extremely low score of 0,1. BUT nevertheless the Joomla! Project plugin "CAPTCHA - invisible reCAPTCHA" did NOT stop these mails. And a third-party plugin DOES work.
Hoping to receive a more intelligent answer!

Hendrik

mtgg
Joomla! Intern
Joomla! Intern
Posts: 55
Joined: Thu Apr 04, 2024 11:17 pm

Re: Using invisible reCAPTCHA

Post by mtgg » Fri Jun 21, 2024 7:52 pm

If a third party, non-“invisible” CAPTCHA plugin works better than the built-in plugin that comes with the Joomla core CMS, that’s good. I’m sorry that my reply was not intelligent enough for you.

I assumed you wanted to know how to use the Google invisible reCAPTCHA plugin that comes with Joomla. As far as I know, the standard plugin works as documented but, in terms of how effective it is in stopping spam, it’s anyone’s guess what CAPTCHA solution is completely spam-proof, isn’t it?

Good luck and, again, I’m sorry. Everyone I speak with has a different opinion - even your own sources seems to have given Google reCAPTCHA a low score - about how to totally eradicate online spam, but that’s a different question, I think.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44233
Joined: Sat Apr 05, 2008 9:58 pm

Re: Using invisible reCAPTCHA

Post by Webdongle » Sat Jun 22, 2024 9:53 am

One of the biggest causes of spam is the 'send copy' field. There was (afaik still is) no limit to the number of characters.
The spammer puts spam links/blurb in your contact form and numerous email addresses in the 'send copy' field. Your site then sends copies to all the email addresses.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

omroepmuseum
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Mon Mar 20, 2023 2:59 pm

Post by omroepmuseum » Sat Jun 22, 2024 4:15 pm

I have the impression that my remark is not well understood. Let me try to explain again. So: during the second half of may we received numerous "spam mails" from our user form. When I examined the Google reCAPTCHA interface, I saw that the Google reCAPTCHA logic clearly had indicated these attacks as "high risk" - because Google reCAPTCHA had given them a very low score of 0,1. So: Google reCAPTCHA worked well. My question is: why DIDN'T the Joomla! Project plugin "CAPTCHA - invisible reCAPTCHA" block them. I assume this plugin uses the scores that Google reCAPTCHA calculates and acts upon it.
In brief: Google indicates these "attacks" DEFINITELY as spam but the plugin does NOT block them!?

mtgg
Joomla! Intern
Joomla! Intern
Posts: 55
Joined: Thu Apr 04, 2024 11:17 pm

Re:Using invisible reCAPTCHA

Post by mtgg » Sat Jun 22, 2024 6:27 pm

omroepmuseum wrote: Sat Jun 22, 2024 4:15 pmGoogle indicates these "attacks" DEFINITELY as spam but the plugin does NOT block them!?
That's right. Google reCAPTCHA "works" but it is not 100% successful/effective in blocking the attacks. As I wrote before, no CAPTCHA software is 100% effective in blocking spam.

webmasterab
Joomla! Apprentice
Joomla! Apprentice
Posts: 48
Joined: Sun Sep 24, 2017 12:49 pm

Re: Using invisible reCAPTCHA

Post by webmasterab » Sat Jun 22, 2024 7:28 pm

Which component do you use for the form?
Can you share the link of the page where the form is located.

omroepmuseum
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Mon Mar 20, 2023 2:59 pm

Re: Using invisible reCAPTCHA

Post by omroepmuseum » Mon Jun 24, 2024 7:43 pm

Once again, my topic is NOT about reliability of Google reCAPTCHA v3!
I will try another way by asking questions.
I assume it is Google that calculates the score of the reCAPTCHA v3. Correct?
I assume it is the plugin that uses this score to do go on with the form or block it. Correct?
If Google reCAPTCHA v3, in my case, gives low scores (0,1) to the mails I mentioned, this means that Google reCAPTCHA indicates these as "high risk", "spam", ... Correct?
In that case, why DOESN'T the default plugin block them?

Note: the third-party plugin I use instead, also uses this SAME score of Google reCAPTCHA v3. BUT consequently blocks the mails.

So: we have two plugins both using the SAME reCAPTCHA v3 score: the third-party plugin BLOCKS "high risk" mails and the other one DOESN'T. Why?

mtgg
Joomla! Intern
Joomla! Intern
Posts: 55
Joined: Thu Apr 04, 2024 11:17 pm

Re: Using invisible reCAPTCHA

Post by mtgg » Mon Jun 24, 2024 8:03 pm

If you think the CAPTCHA software in Joomla 5.1 is broken, report it using the Issue Tracker: https://issues.joomla.org/

You will need to sign up for a GitHub account to report the fault.

webmasterab
Joomla! Apprentice
Joomla! Apprentice
Posts: 48
Joined: Sun Sep 24, 2017 12:49 pm

Re: Using invisible reCAPTCHA

Post by webmasterab » Mon Jun 24, 2024 8:48 pm

If you have upgraded Joomla to version 5 then the plugin has not been removed.
However, this is no longer available in new installations.
Read more here https://dj-extensions.com/blog/general/ ... sers-guide

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44233
Joined: Sat Apr 05, 2008 9:58 pm

Re: Using invisible reCAPTCHA

Post by Webdongle » Mon Jun 24, 2024 11:51 pm

http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

phimconheo
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Tue Jun 25, 2024 10:32 am

Re: Using invisible reCAPTCHA

Post by phimconheo » Tue Jun 25, 2024 10:41 am

Can you show us a sample page?

omroepmuseum
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Mon Mar 20, 2023 2:59 pm

Re: Using invisible reCAPTCHA

Post by omroepmuseum » Fri Jun 28, 2024 9:09 pm

As suggested by mtgg, I will report it using the Issue Tracker: https://issues.joomla.org/.
Thanks for the replies!

Hendrik

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44233
Joined: Sat Apr 05, 2008 9:58 pm

Re: Using invisible reCAPTCHA

Post by Webdongle » Fri Jun 28, 2024 9:23 pm

Link to the report would be useful.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 31142
Joined: Mon Oct 27, 2008 9:27 pm
Location: Romerike, Norway

Re: Using invisible reCAPTCHA

Post by Per Yngve Berg » Sat Jun 29, 2024 8:27 am

A Plugin for J3.8 will not probably work in J5. There is no core Captcha Plugins in Core J5.

mtgg
Joomla! Intern
Joomla! Intern
Posts: 55
Joined: Thu Apr 04, 2024 11:17 pm

Re: Using invisible reCAPTCHA

Post by mtgg » Sat Jun 29, 2024 8:32 am

Per Yngve Berg wrote: Sat Jun 29, 2024 8:27 amThere is no core Captcha Plugins in Core J5.
It may be true for brand new installations of Joomla 5; I haven't tested it yet. It is definitely not true for websites that are migrated from J4 to J5.

If people upgrade from J4 to J5 the "invisible reCAPTCHA" plugin is removed as part of the process. I've read complaints/observations from people about missing Google reCAPTCHA in J5 (e.g. viewtopic.php?t=1006840) and the advice is to install a third-party plugin. Either Joomla supports its own plugins or it doesn't, wouldn't you think?

Perhaps the developers have abandoned CAPTCHA and left it to third-party developers to fill the gap? There is a very brief sentence in this article: https://magazine.joomla.org/all-issues/ ... f-joomla-5
Enhanced Security ... and the removal of no longer functional Recaptcha plugins boosts security.
There are many articles on the internet about the new features added to J5; there are not many articles that talk about the features that were removed from J5.

User avatar
JAVesey
Joomla! Hero
Joomla! Hero
Posts: 2660
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: Using invisible reCAPTCHA

Post by JAVesey » Sat Jun 29, 2024 11:21 am

mtgg wrote: Sat Jun 29, 2024 8:32 amIf people upgrade from J4 to J5 the "invisible reCAPTCHA" plugin is removed as part of the process.
Almost.

From memory (so I could be wrong), if a core Captcha was in use at the time of the upgrade then it wasn’t removed. Unused ones were removed. I have the “invisible ReCaptcha” in use on my J5.1.1 site as a result of this.
John V
Cardiff, Wales, UK
Joomla 5.1.2 "live" site on PHP 8.2.15 and MariaDB 10.11.8 (with b/c plugin enabled)
Joomla 5.1.2 on XAMMP for MacOS with PHP 8.2.4 and MariaDB 10.4.28 (with b/c plugin enabled)

webmasterab
Joomla! Apprentice
Joomla! Apprentice
Posts: 48
Joined: Sun Sep 24, 2017 12:49 pm

Re: Using invisible reCAPTCHA

Post by webmasterab » Sat Jun 29, 2024 2:32 pm

JAVesey wrote: Sat Jun 29, 2024 11:21 am
Almost.

From memory (so I could be wrong), if a core Captcha was in use at the time of the upgrade then it wasn’t removed. Unused ones were removed. I have the “invisible ReCaptcha” in use on my J5.1.1 site as a result of this.
This is right

omroepmuseum
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Mon Mar 20, 2023 2:59 pm

Re: Using invisible reCAPTCHA

Post by omroepmuseum » Sat Jun 29, 2024 7:09 pm

We also migrated from J4 to J5. In J4 we used the VISIBLE reCAPTCHA (Google reCAPTCHA v2). If I remember well, when we migrated to J5, the VISIBLE reCAPTCHA was no longer available forcing us to use the INVISIBLE Google reCAPTCHA v3.

Advertisement

Post Reply

Return to “General Questions/New to Joomla! 5.x”