• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • 😌 This community is user driven. Be polite with other users.
    • 👉 Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • 💸 Purchase a Pro Subscription to get access to active software support and faster ticket response times.

Support reCAPTCHA V3 because reCAPTCHA V2 - invisible is bypassed and bad design

Status
Not open for further replies.

davidlevy

Chevereto Member
Adjusting, staying ahead, keeping current.
All important in design and with websites.

I personally am not a fan of the reCAPTCHA V2 invisible as the standard checkmark (which is visual confirmation that it's working) does not work with Chevereto.
I am using an SSL (not a free letsencrypt) behind cloudflare with strict on.
I was wondering why my V2 wasn't working until I searched these forums and found this thread
https://chevereto.com/community/threads/recaptcha-not-working-on-ssl.8479/
In order to have the hyphens in the site key, it needs to be the invisible recaptcha not the checkmark version which is actually better for a few reasons.
But invisible recaptcha may or may not work at times and also provides no visual confirmation of it working or not.

reCAPTCHA V3 makes it less cost effective for botters.
I'm sure someone patient enough and smart enough might figure out a bypass solution,
but usually people looking to make bot accounts are doing it for marketing reasons and use captcha solving services in conjunction with their attacks.
From my understanding, there's no public service that can bypass reCAPTCHA V3. And that's where it makes sense to implement this over using reCAPTCHA V2 - invisible which can be bypassed.

Code:
<?php G\Render\include_theme_file('snippets/quickty/recaptcha_form'); ?>
^ how much work would it be to update the reCAPTCHA code to use reCAPTCHA V3 in the next build?
 
^ how much work would it be to update the reCAPTCHA code to use reCAPTCHA V3 in the next build?
No idea, but for what I'm seeing the thing analyzes all user actions and based on that it determines if someone is human or not. Thing that worries me is how they show the challenge when the score is too low? They simply put a bad score and the user never can't prove that is human?
 
That's the beauty of it, no more challenge questions.
Some rule of thumbs, don't use a public VPN.. that will likely flag you and use Google chrome.
If you are mistaken for a robot you can clear your cookies and do some google searches.. sign into your Google account. Then you should be able to sign in.
My use case is for an invitation only community, most authors will remain signed in. For me this is more about preventing too many failed login attempts or using that as an attack vector.
 
That's exactly my main concern.

Frequently I get tagged as a bot and I don't have any issue filling a challenge for that case, but far as I can tell this thing doesn't have any challenge for these and the solution is to delete your cookies or/and sign to a Google account. That's not ideal in my opinion, but I don't know how much better they detect bots anyway.

I believe that we should just add it and try and see on our own.
 
Status
Not open for further replies.
Back
Top