I am trying to:
I have form for visitors to post their projects that they are looking for development help with. It includes reCAPTCHA v2 and that is working correctly. But, in the past week or so (twice today) client has been receiving form posts filled with SPAM. I don't understand how this can happen.
Link to a page where the issue can be seen:
hidden link
[credform class="cred-form"]
<div class="form-msgs">
[cred_field field="form_messages" value=""]
</div>
<div class="hr_black">Project Information * = required field</div>
<div id="projTitle" class="cred-field cred-field-post_title">
<div class="cred-label">Project Title *</div>
[cred_field field="post_title" post="project" placeholder="Short, descriptive title of project" value="" urlparam=""]
</div>
<div id="projSumm" class="cred-field cred-field-summary">
<div id="projSumm" class="cred-label">Summary: *</div>
[cred_field field="project-summary-wysi" post="project" placeholder="Short, precise summary of project"]
</div>
<div id="projResps" class="cred-field cred-field-responsibilities">
<div id="projResps" class="cred-label">Responsibilities:</div>
[cred_field field="project-responsibilities-wysi" post="project" placeholder="Responsibilities of this position"]
</div>
<div id="projQuals" class="cred-field cred-field-qualifications">
<div id="projQuals" class="cred-label">Qualifications:</div>
[cred_field field="project-qualifications-wysi" post="project" placeholder="Minimum qualifications required for this position"]
</div>
<br /><br />
<div id="projectStartDate" class="cred-field cred-field-project-start-date">
<div class="cred-label">Project start date:</div>
[cred_field field="project-start-date" post="project" placeholder="Est. start date"]
<br />
</div>
<br /><br />
<div id="contractLength" class="cred-field cred-field-length-of-contract">
<div class="cred-label">Length of contract:</div>
[cred_field field="project-length-of-contract" post="project" placeholder="Estimated length of contract"]
<br />
</div>
<br /><br />
<div id="workOnSite" class="cred-field cred-field-work-on-site">
<div id="workOnSiteLbl" class="cred-label">Work on-site?:</div>
<br />[cred_field field="project-work-on-site" post="project" placeholder="Company site | Remote | Both"]
</div>
<br /><br />
<div id="travelReqd" class="cred-field cred-field-travel-required">
<div class="cred-label">Travel required:</div>
[cred_field field="project-travel-required" post="project" placeholder="Yes | No | Some"]
</div>
<div id="cmpnyInfo" class="hr_black">Contact Information</div>
<div class="cred-field cred-field-first-name">
<div class="cred-label">First name *</div>
[cred_field field="project-contact-first-name" post="project" placeholder="Your first name"]
</div>
<div class="cred-field cred-field-last-name">
<div class="cred-label">Last name *</div>
[cred_field field="project-contact-last-name" post="project" placeholder="Your last name"]
</div>
<div class="cred-field cred-field-email">
<div class="cred-label">Email *</div>
[cred_field field="project-contact-email" post="project" placeholder="Your email address"]
</div>
<div class="cred-field cred-field-business-phone">
<div class="cred-label">Phone — <em>Please use period "." as phone number separator (Ex. 408.555.1234)</em></div>
[cred_field field="project-contact-phone" post="project" placeholder="e.g., 408.996.1234"]
</div>
<div class="cred-field cred-field-business-name">
<div class="cred-label">Business name</div>
[cred_field field="project-company-name" post="project" placeholder="Your company"]
</div>
<div class="cred-field cred-field-business-web-site">
<div class="cred-label">Business Web site</div>
[cred_field field="project-company-website" post="project" placeholder="E.g., http:\/\/abc.com"]
</div>
<div class="cred-field cred-field-street-address">
<div class="cred-label">Street address</div>
[cred_field field="project-company-street-address" post="project"]
</div>
<div class="cred-field cred-field-city">
<div class="cred-label">City *</div>
[cred_field field="project-company-city" post="project" placeholder="Location of project - if any"]
</div>
<div class="cred-field cred-field-state">
<div class="cred-label">State</div>
[cred_field field="project-company-state" post="project" placeholder="e.g., CA"]
</div>
<div class="cred-field cred-field-zip-code">
<div class="cred-label">Zip-code</div>
[cred_field field="project-company-zip-code" post="project" placeholder=""]
</div>
<div class="cred-field cred-field-country">
<div class="cred-label">Country</div>
[cred_field field="project-company-country" post="project"]
<br /><br />
</div>
<!-- CAPTCHA -->
<div class="cred-label">Check the box if you are not a robot...</div>
<div class="cred-field cred-field-recaptcha">[cred_field field="recaptcha"]</div>
<!-- Submit -->
<div class="form-timbus" style="margin-left:6rem;">
<br /> <br />
[cred_field field="form_submit" value="Submit"]
</div>
<div class="cred-field cred-field-city" style="visibility:hidden;">
<div class="cred-label">userAgent</div>
[cred_field field="project-usragntinfo" post="project"]
</div>
[/credform]
Nigel
Supporter
Languages:
English (English )
Spanish (Español )
Timezone:
Europe/London (GMT+00:00)
Hi Jeff
I can see that the reCaptcha is added to the form and appears to be working correctly.
I just happen to have seen quite a bit of talk about reCaptchas in my feed this week, the general message being that bots are becoming more sophisticated and have become better at solving reCaptchas than humans. I think that mostly relates to the what-are-these-garbled-letters type reCaptchas, but it is surely only a matter of time before they outwit the I am not a robot reCaptcha, too.
Most of the commentary says to use honeypots as an alternative. You'd need to design these yourself, and you would use the cred_form_validate hook (https://toolset.com/documentation/programmer-reference/cred-api/#cred_form_validate ) to check the honeypot yourself.
Here are a coupe of links to get you started:
hidden link
hidden link
Thanks, Nigel.
But, something is not right related to CRED.
And, I noticed the form in question (Post A Project) has the following code for the CAPTCHA field:
<div class="cred-field cred-field-recaptcha">[cred_field field="recaptcha"]</div>
while another of my forms which is not getting any SPAM currently has this code:
<div class="form-group">[cred_field field='recaptcha' value='' urlparam='' class='form-control' output='bootstrap']</div>
The Project form may have been Auto-generated from the CRED Edit Post Form page a long time ago, but I don't remember for sure.
What is class='form-control' for in the cred_field shortcode?
Thanks,
Jeff
-------
Nigel
Supporter
Languages:
English (English )
Spanish (Español )
Timezone:
Europe/London (GMT+00:00)
With the current version of Forms, if you insert a reCaptcha field it will insert it like so:
[cred_field field="recaptcha" class="form-control" output="bootstrap"]
The class and output attributes are default attributes added to many fields, and in the case of the reCaptcha field they actually make no difference. If you inspect the HTML markup inserted with and without them you will see they are the same.
And on your problem site on the front end we can see that the reCaptcha field is added correctly, the I-am-not-a-robot checkbox which is inserted as an iframe works as expected.
You could update the shortcode to insert the recaptcha field in your form so that it matches what is currently inserted, but I wouldn't expect it to make any difference, to be honest, but you can try.
My issue is resolved now. Thank you!