Issue with reCaptcha, SPAM users using contact formular

[mihessel]

Hi prestashop Forum,
After buying and installing the module "reCaptcha" from https://addons.prestashop.com/en/website-security-access/42438-recaptcha-google-anti-spam.html
I still have major issue with reCAPTCHA, I got SPAM from robots/services using my contact formular to sent SPAM.
I'll see continued email creations in the prestashop backend, 15 a minute from IP. 

The module don't block spam, tested both v. 2 and v.3, the spammer/robot/service uses the contact formular to sent spam, and this is not blocked by reCAPTCHA. Are there anyone with the same issue on is this module.

Example of user created: 
Name: 网址①⑧⑧⑦点top注册送⑧彩金
Last name: 存五十送③⑦彩金
email: [email protected]
IP: 38.12.30.33 

Purchased module/software:
reCaptcha - Google Anti Spam module, version: v1.1.7
reCaptcha versions tested with no luck: v2 and v3
Change 'Site key' and 'Secret key' but with same result.

My prestashop version: 1.7.6.8
ReCaptcha anti-spam - PrestaShop module configuration in backend, ReCaptcha allowed score is set to 0.1

Temporary solution is to block the formular in the .htaccess with following.

# blocking contact formular
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} ^create_account=1.* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>

<IfModule mod_rewrite.c>
<IfModule mod_env.c>
SetEnv HTTP_MOD_REWRITE On
</IfModule>
RewriteEngine on

BR
/M

Edited 10 hours ago by mihessel (see edit history)

[Knowband Plugins]

What's the response of the module developer on the same?

[mihessel]

I'm wating for a reply from module developer, as soon i get it, I post the info in here.

[Prestashop Addict]

In V3 what was the threshold used?

[calculo]

It seems that you're encountering an issue where the reCaptcha module is not blocking spam submissions via your contact form on PrestaShop, even after testing with both reCaptcha v2 and v3.

Here’s a solution to this issue, customized to your case, along with a reference to your website:

Solution to Block Spam in PrestaShop Contact Form

After experiencing issues with reCaptcha not effectively blocking spam on your PrestaShop site, here are a few steps you can try to ensure better protection:

1. Check reCaptcha Settings

Make sure the Site Key and Secret Key are correctly set up. It’s important that the keys match the version of reCaptcha you’re using (either v2 or v3). You can also try setting the Score Threshold in reCaptcha to a stricter value (below 0.5) to see if it catches more spam.

2. Update PrestaShop and reCaptcha Module

Ensure that your PrestaShop and the reCaptcha module are updated to the latest versions. Updates often fix bugs and improve compatibility.

3. Test reCaptcha with Custom Forms

If you have custom forms or modifications in your contact form, make sure those are compatible with the reCaptcha version you are using. Sometimes, certain customizations may interfere with reCaptcha.

4. Implement IP Blocklist for Known Spam IPs

In case spam continues despite reCaptcha settings, blocking known spam IPs directly in your .htaccess file is an effective temporary measure.

<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REMOTE_ADDR} ^38\.12\.30\.33$ RewriteRule ^(.*)$ - [F,L] </IfModule>

This code blocks requests from the spam IP address you've identified. Update this as necessary to block other known IPs.

5. Consider Alternative Anti-Spam Modules

If the built-in reCaptcha module isn’t performing as expected, you might want to explore alternative anti-spam modules available on the PrestaShop add-ons store, such as Spam Prevention for Forms or other advanced CAPTCHA modules that offer additional layers of protection.

6. Contact PrestaShop Support

If the problem persists, it may be worth reaching out to PrestaShop’s support team or the reCaptcha module’s developer for more specialized troubleshooting.

As for your website, you might want to ensure that https://ecalculadoradehoras.com/ also has adequate security measures in place to prevent such spam attacks. If you offer a similar service for time calculations or any related modules, adding extra layers of protection can improve user experience and security.

Feel free to integrate this solution into your website's anti-spam strategy to keep it protected. Let me know if you need further adjustments!