Edit History

mihessel

Here is the update from PrestaShop of (reCAPTCHA):

After analyzing your case and the module configuration, we've identified the root cause of the spam problem you're experiencing. The spambots are bypassing your contact form entirely by sending direct POST requests to the form submission endpoint, which means they never interact with the reCAPTCHA challenge on the frontend. This is a sophisticated attack method that requires additional security layers beyond standard reCAPTCHA implementation.
 
Why is this happening? 
Sophisticated spam bots can bypass form protections by:

  • Directly posting data to your form handler URL
  • Never loading the actual contact page with the reCAPTCHA widget
  • Submitting fake customer accounts through direct API calls
 
This is a known issue with many PrestaShop stores, particularly with spam from Chinese qq.com email addresses using gambling-related content in Chinese characters.

Recommended Solutions:
Additional Security Layers
 
Consider implementing these complementary measures to strengthen your store's protection:
 
  • Email Domain Blocking: Block known spam email providers (qq.com, 126.com, 163.com, mail.ru, etc.) at the form submission level
  • IP Rate Limiting: Limit form submissions per IP address (e.g., max 3 submissions per hour)
  • Honeypot Fields: Add hidden fields that bots fill out but humans don't see
  • Server-Level Protection: Implement mod_security or fail2ban rules to block suspicious patterns

/BR 

mihessel

Here is the update from module developer of reCAPTCHA:

After analyzing your case and the module configuration, we've identified the root cause of the spam problem you're experiencing. The spambots are bypassing your contact form entirely by sending direct POST requests to the form submission endpoint, which means they never interact with the reCAPTCHA challenge on the frontend. This is a sophisticated attack method that requires additional security layers beyond standard reCAPTCHA implementation.
 
Why is this happening? 
Sophisticated spam bots can bypass form protections by:

  • Directly posting data to your form handler URL
  • Never loading the actual contact page with the reCAPTCHA widget
  • Submitting fake customer accounts through direct API calls
 
This is a known issue with many PrestaShop stores, particularly with spam from Chinese qq.com email addresses using gambling-related content in Chinese characters.

Recommended Solutions:
Additional Security Layers
 
Consider implementing these complementary measures to strengthen your store's protection:
 
  • Email Domain Blocking: Block known spam email providers (qq.com, 126.com, 163.com, mail.ru, etc.) at the form submission level
  • IP Rate Limiting: Limit form submissions per IP address (e.g., max 3 submissions per hour)
  • Honeypot Fields: Add hidden fields that bots fill out but humans don't see
  • Server-Level Protection: Implement mod_security or fail2ban rules to block suspicious patterns

/BR 
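
The measures listed in the post above only help if they run on the server, in the handler that receives the POST, so here is an added sketch of such a gate (not code from the post, from PrestaShop, or from the reCAPTCHA module). It assumes PHP 8; the `email` and `website` field names and the `rejectReason` function are hypothetical, and the in-memory `$history` array stands in for whatever shared store (database, cache) a real shop would use.

```php
<?php
// Added example; field names and the honeypot name are hypothetical.
const BLOCKED_DOMAINS = ['qq.com', '126.com', '163.com', 'mail.ru']; // from the post
const MAX_PER_HOUR = 3;            // limit suggested in the post
const HONEYPOT_FIELD = 'website';  // hidden with CSS, so humans leave it empty

// Returns null to accept, or a rejection reason. $history maps IP => attempt timestamps.
function rejectReason(array $post, string $ip, array &$history, int $now): ?string
{
    // Record every attempt, rejected ones included, so retries also count.
    $recent = array_filter($history[$ip] ?? [], fn($t) => $t > $now - 3600);
    $recent[] = $now;
    $history[$ip] = array_values($recent);
    if (count($recent) > MAX_PER_HOUR) {
        return 'rate_limited';
    }
    // Array-valued fields would slip past the string checks below.
    if (array_filter($post, fn($v) => !is_string($v))) { return 'malformed'; }
    // A direct POST never loaded the widget, so it has no token. Presence only:
    // the token itself must still be verified server-side with the reCAPTCHA service.
    if (trim($post['g-recaptcha-response'] ?? '') === '') {
        return 'missing_captcha_token';
    }
    if (trim($post[HONEYPOT_FIELD] ?? '') !== '') {
        return 'honeypot_filled';
    }
    $email = strtolower(trim($post['email'] ?? ''));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid_email';
    }
    $domain = substr($email, strrpos($email, '@') + 1);
    foreach (BLOCKED_DOMAINS as $blocked) {
        if ($domain === $blocked || str_ends_with($domain, '.' . $blocked)) {
            return 'blocked_domain';  // also catches subdomains such as vip.qq.com
        }
    }
    return null;
}

// Constructed sample submissions (documentation IP ranges), not real traffic.
$history = [];
$ok = ['email' => 'buyer@example.org', 'g-recaptcha-response' => 'tok'];
$samples = [$ok, ['email' => 'bot@example.org'], $ok + ['website' => 'http://x.example'],
    ['email' => 'x@vip.qq.com', 'g-recaptcha-response' => 'tok']];
foreach ($samples as $i => $post) {
    echo rejectReason($post, "198.51.100.$i", $history, 1700000000) ?? 'accepted', PHP_EOL;
}
for ($i = 0; $i < 4; $i++) {   // same IP four times against the 3-per-hour limit
    echo rejectReason($ok, '203.0.113.7', $history, 1700000000 + $i) ?? 'accepted', PHP_EOL;
}
```

Logging the returned reason together with the client IP gives fail2ban or a mod_security rule a stable pattern to act on.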
