TechQA.

Google ReCAPTCHA v2 bypass

1.4k views Asked by At

In Monday I deployed brand new version of website. There is contact form protected by Google ReCAPTCHA v2 Checkbox. Today I received first spam (preview attached).

I mean. How is this possible? Backend implementation of verification is as bellow, I believe it's not possible to successfully submit contact form without confirmation from Google.

But still, the spam arrived!

    $name = $_POST['person__name'] ?? throw new InvalidArgumentException();
    $phone = $_POST['person__phone'] ?? throw new InvalidArgumentException();
    $email = $_POST['person__email'] ?? throw new InvalidArgumentException();
    $message = $_POST['message'] ?? throw new InvalidArgumentException();
    $type = $_POST['message__type'] ?? throw new InvalidArgumentException();
    $captcha = $_POST['g-recaptcha-response'] ?? throw new InvalidArgumentException();

    $url = sprintf(
            'https://www.google.com/recaptcha/api/siteverify?secret=%s&response=%s',
        urlencode('SECRET_RECAPTCHA_KEY'),
        urlencode($captcha),
    );

    $response = json_decode(file_get_contents($url));

    if ($response->success !== true) {
        throw new InvalidArgumentException('Recaptcha');
    }
php email security recaptcha spam-prevention
Original Q&A
0

There are 0 answers

Related Questions in PHP

Related Questions in EMAIL

Related Questions in SECURITY

Related Questions in RECAPTCHA

Related Questions in SPAM-PREVENTION

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions