why i still getting spam emails after installing reCaptcha v3

Asked 5/10, 2020 at 10:5 Answered 6/4, 2021 at 20:13

I have installed google recaptcha v3 in my html form but i'm still getting spam emails, what should i do next to prevent spams ? Any way without using php code only js scripts ?

My code is using this one :

 <script src="https://www.google.com/recaptcha/api.js"></script>

Add a callback function to handle the token.

<script>
   function onSubmit(token) {
     document.getElementById("demo-form").submit();
   }
 </script>

Add attributes to your html button.

<button class="g-recaptcha" 
        data-sitekey="reCAPTCHA_site_key" 
        data-callback='onSubmit' 
        data-action='submit'>Submit</button>

Golda answered 5/10, 2020 at 10:5 Comment(4)

Have you checked in Google Console is your recaptcha working fine? What percentage of requests it is blocking? – Darcydarda 5/10, 2020 at 10:19

How can i check it in the console ? should i console.log some variables or so ? – Golda 5/10, 2020 at 10:41

I don't mean on console.log, but on Google control panel. Please check next page: google.com/recaptcha/admin – Darcydarda 5/10, 2020 at 12:34

Also, check if your website hasn't the email write somewhere on front-end. Any exposed emails will get many spams. If your app send a email to the user when fill the form, maybe the spanner have saved the email to keep sending spams. – Radiance 2/4, 2021 at 21:30

You have to verify the captcha request server side. You are likely getting hit with spambots. Having only client side validation will only work against most humans, not bots.

Bots do not care if your client side has reCAPTCHA as they likely reading your HTML form's action URL and directly sending a POST request to it without your validation script - in short they are bypassing reCAPTCHA and other client side validation.

You should also be warry of posting your email address directly on your site as they often get scraped and spammed as well. Here is an old post that talks about obfuscation of on site email address to prevent spam.

Backup answered 6/4, 2021 at 20:13 Comment(1)

So what's the best way now to block the spam bots? – Exo 13/5 at 13:21

Try this

function submit(e) {
  e.preventDefault();
  var response = grecaptcha.getResponse();

  if (response.length == 0) {
    //reCaptcha not verified
  } else {
    //reCaptch verified
    document.getElementById("demo-form").submit();
  }
}

<script src="https://www.google.com/recaptcha/api.js"></script>
<form onsubmit="submit();">
  <input type="text" name="name">
  <button class="g-recaptcha" data-sitekey="reCAPTCHA_site_key" data-callback='submit' data-action='submit'>Submit</button>
</form>

Change the right key in there !

Catamnesis answered 6/4, 2021 at 9:37 Comment(1)

If a spammer sends directly to the form with g-recaptcha-response="blahblah" wouldn't that foil the validation? – Alvaroalveolar 13/2 at 0:18

Recommended topics

Hot tags