reCaptcha v2 integration

Zignar · January 17, 2019, 1:53pm

Hi

I need help to understand how to integrate Googles reCaptcha v2 in PHP feedback action.

Google gives some very simple directions on what to do locally (client side), as posted on another thread.

It is the integration server-side that I find difficult. I used an elaborate solution with reCaptcha v1 that involved generating the e-mail.php through the action, then deactivating the action, edit the generated e-mail-go.php file and upload it through the Upload Extra Resources action.

I presume the same would work here. The problem is that I don’t understand how to edit the file itself.

Google gives me these instruction:

When your users submit the form where you integrated reCAPTCHA, you’ll get as part of the payload a string with the name “g-recaptcha-response”. In order to check whether Google has verified that user, send a POST request with these parameters:

URL: https://www.google.com/recaptcha/api/siteverify

secret (required) ---------- secret key here -------------
response (required) The value of ‘g-recaptcha-response’.

Any idea of how to do that?
Thank you!

Sverker

http://www.smalandsgardar.nu/e-post.php#

freewaytalk mailing list
email@hidden
Update your subscriptions at:

Zignar · January 17, 2019, 2:23pm

URL: https://www.google.com/recaptcha/api/siteverify

secret (required) ————— secret key here ——————-

response (required) The value of ‘g-recaptcha-response’.

freewaytalk mailing list
email@hidden
Update your subscriptions at:

John_Robinson · January 17, 2019, 6:19pm

Zignar
I had a hacking problem and Jeremy suggested this for a Captcha.
John

You could add a captcha:

https://www.softpress.com/kb/questions/217/Using+a+"Captcha"+in+Freeway

Jeremy

freewaytalk mailing list
email@hidden
Update your subscriptions at:

Jeremy · January 21, 2019, 3:15pm

I’m afraid that the solution I suggested is out-of-date (it mentioned third-party Actions that are no longer supported). However, we are currently testing an updated version of the Send Form Action, which has captcha functionality.

If people are interested in testing this, we can probably upload it somewhere.

We’re also interested in any other solutions that people are using.

Jeremy

freewaytalk mailing list
email@hidden
Update your subscriptions at:

FrankHar · January 21, 2019, 6:14pm

In the name of humanity, please tell us some new development is considered, or you have had a (another) brilliant development yourself!

JUST NOTHING RESEMBLING reCaptcha PLEASE!

What an irritating, dysfunctional, time-wasting, mind numbing psychologically conditioning (‘ill do anything you tell me I must, oh gods of the internet’), facade of protection.

Sorry folks, but as you can see I hate it and rally the cry against it whenever I can. I mean really, ask yourself that on any given day how much time is wasted on this sort of engineering? I have stormed off of retail sites where something was finicky enough to steal yet another few minutes of time and patience from me. Their loss.

I feel better now… thanks

Frank

Sent from my iPad

On Jan 21, 2019, at 7:15 AM, Jeremy Hughes email@hidden wrote:

I’m afraid that the solution I suggested is out-of-date (it mentioned third-party Actions that are no longer supported). However, we are currently testing an updated version of the Send Form Action, which has captcha functionality.

If people are interested in testing this, we can probably upload it somewhere.

We’re also interested in any other solutions that people are using.

Jeremy

freewaytalk mailing list
email@hidden
Update your subscriptions at:
Information for existing FreewayTalk / Groups.io users - Site Feedback - Softpress Talk

freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

SpamVacuum · January 22, 2019, 12:00pm

Definitely interested in testing the updates Send Form Action Jeremy.

Thanks,

Ian

freewaytalk mailing list
email@hidden
Update your subscriptions at:

Jeremy · January 22, 2019, 10:45pm

On 22 Jan 2019, at 12:00, Ian Halstead email@hidden wrote:

Definitely interested in testing the updates Send Form Action Jeremy.

We’ll try to sort something out!

Jeremy

freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

Jeremy · January 22, 2019, 10:53pm

On 21 Jan 2019, at 18:14, Frank Harshbarger email@hidden wrote:

What an irritating, dysfunctional, time-wasting, mind numbing psychologically conditioning (‘ill do anything you tell me I must, oh gods of the internet’), facade of protection

I hate it too - and I sometimes have to try a few times before I can convince the captcha that I’m not a robot (“is that a road sign or a building?” etc.)

But I also hated having to work through quantities of Russian spam that were being sent to us via a link on our web site.

It’s also annoying that I don’t seem to be able to stop gmail from misidentifying FreewayTalk messages as spam…

Jeremy

freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

FrankHar · January 22, 2019, 11:54pm

First off have to say I missed most of the first part of this discussion, and can relate to the issues now that I have caught up…

Ironically, I missed the first part of the spam / recaptur because it was in the spam folders in the web accessible gmail account (literally just found them before the below thread) - never made it to my imap download.

If it helps, each of these emails seem to be ‘seen’ by gmail as from the individual sending it, rather than from ‘freeway talk’, and I get them (after un-spaming/junk ID) as to ‘email@hidden’ - I think I recall a discussion on how that is to prevent the collection of addresses by spammers somehow.

Frank Harshbarger

On Jan 22, 2019, at 2:53 PM, Jeremy Hughes email@hidden wrote:

On 21 Jan 2019, at 18:14, Frank Harshbarger email@hidden wrote:

What an irritating, dysfunctional, time-wasting, mind numbing psychologically conditioning (‘ill do anything you tell me I must, oh gods of the internet’), facade of protection

I hate it too - and I sometimes have to try a few times before I can convince the captcha that I’m not a robot (“is that a road sign or a building?” etc.)

But I also hated having to work through quantities of Russian spam that were being sent to us via a link on our web site.

It’s also annoying that I don’t seem to be able to stop gmail from misidentifying FreewayTalk messages as spam…

Jeremy

freewaytalk mailing list
email@hidden
Update your subscriptions at:
Information for existing FreewayTalk / Groups.io users - Site Feedback - Softpress Talk

freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

simonmanning · January 24, 2019, 6:08pm

Hi Zignar, All,

An updated version of the Send Form Action along with some instructions can now be found on the knowledge base at Adding Google reCAPTCHA to your contact forms using the Send Form Action - Freeway - Softpress Talk

reCAPTCHA requires some work to be done on the server side, this version of the Send Form Action can now generate the code for that but we won’t be able to inject the same into the PHP Feedback Form Action.

You could create a page using Send Form and take a look at the PHP it publishes, that would give you an idea of how to send the POST request to verify the captcha. The code won’t just drop in to the PHP Feedback Form script though, it would need a bit of wrangling.

Unless you need a feature of PHP Feedback Form that Send Form doesn’t have, it may be simpler to switch over to [the new version of] Send Form, so you don’t have to edit the script after publishing.

Simon

freewaytalk mailing list
email@hidden
Update your subscriptions at:

SpamVacuum · January 25, 2019, 9:24am

Thank you very much indeed Simon — much appreciated. I shall take a good look at this and report back.

Ian

freewaytalk mailing list
email@hidden
Update your subscriptions at:

SpamVacuum · January 25, 2019, 12:03pm

Straightforward instructions thanks, and it worked first time! Again, much appreciated.

I did get an error on trying to unzip the action bundle '(Error 1 - Operation not permitted), but right-clicking and using ‘The Unarchiver’ app I have installed instead of the Mac default Archive Utility did the trick.

I now need to look at the version 3 reCAPTCHA, the instructions for which at the moment seem impenetrable to my sensibilities.

freewaytalk mailing list
email@hidden
Update your subscriptions at:

simonmanning · January 25, 2019, 1:20pm

Huh, that’s peculiar, it was zipped by latest Mojave’s Archive Utility. (Compress in Finder)

reCAPTCHA v3 is a bit more involved. My interpretation of its simplest form would be to include it on every page of the site with unique action names, then on pages with forms you would additionally inject the returned token into a hidden form field. (That last part is what happens when you tick the Checkbox version)

On the backend rather than checking for success, you would need to check for success and then interpret the score somewhat arbitrarily. 1.0 Google thinks is very likely a person, 0.0 they think it’s very likely a bot. You have to pick somewhere in the middle and accept anything above that.

If I was adding it to Freeway I would create a reCAPTCHA folder Action that does the first paragraph automagically, then the second paragraph would be handled by the Send Form Action. Probably I would add another field to the Action for the score threshold and use some default like 0.5 if it’s not set.

Unfortunately this would have taken more time than I could put to it at the moment, which was why I opted for the v2 Checkbox.

Simon

freewaytalk mailing list
email@hidden
Update your subscriptions at:

SpamVacuum · January 25, 2019, 1:42pm

Yes, the v3 is much more involved and hands on, and I’m just glad that you did one for v2. It works absolutely fine!

freewaytalk mailing list
email@hidden
Update your subscriptions at:

gsymon · February 4, 2019, 8:51pm

On 21 Jan 2019, 3:16 pm, Jeremy Hughes wrote:

we are currently testing an updated version of the Send Form Action, which has captcha functionality.

If people are interested in testing this, we can probably upload it somewhere.

Well, that’s timely. I’ve just spent the afternoon trying to fight off some spam … and failing so far. This would be very useful.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

gsymon · February 5, 2019, 9:45am

On 22 Jan 2019, 10:53 pm, Jeremy Hughes wrote:

But I also hated having to work through quantities of Russian spam that were being sent to us via a link ?>on our web site.

It’s also annoying that I don’t seem to be able to stop gmail from misidentifying FreewayTalk messages as >spam…

Time to move on from gmail?

I tried fighting spam with gmail, for a year or so, because I’d been told their filters were so great. Turned out they weren’t. Beyond that, fighting spam with ‘post-delivery’ filters seem so pointless to me. You still have to trawl through the messages to check for false positives. What’s the point?

A couple of years ago, I got the chance I had been hoping for, to take control of my spam, when Gandi, my hosting provider, incorporated server side Sieve filters. I immediately bought a second domain name and set about separating all online subscription email addresses from my business addresses by making a unique address per subscription, e.g for here I have fwtalk@… This takes about a minute each time and makes it very easy to see what relates to what and to delete/change any address that gets spammed, since it only serves that one unique purpose.

Now, after honing the filters over time and ensuring that there are no false positives slipping through, I have recently had the gigantic pleasure of switching some filters across to ‘Reject’. Oh the bliss! So now I never see these messages, which are rejected at the server and the sender receives a reject message.

I combine this with Apple’s Mail app and its Smart Mailboxes (you can do boolean by including Smart Mailboxes in another’s search criteria). By flagging all legitimate mail at the server end, then viewing my mail via a ‘flagged’ smart folder I only see what I need to see. When I’ve dealt with mail, I unflag. So everything just resides in either Inbox or Sent and I only view flagged. I also use a simple Mail rule to colour messages from the second domain, so that they’re easily distinguished from actual work stuff.

The final piece of the puzzle would be Apple practising what they preach and improving iOS Mail to match Mac Mail … although, thankfully, the flags work. The delight of having control over your mail is definitely worth what would be about 15 quid a year for a couple of domains in the UK.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

simonmanning · February 5, 2019, 11:49am

For anyone having the problem unzipping that Ian Halstead mentioned, it turned out there was a sandboxing related issue with the archive.

The Action itself is fine for anyone that already extracted it with something else but the knowledge base has now been updated with a version that Finder will be able to extract as normal.

Simon

freewaytalk mailing list
email@hidden
Update your subscriptions at:

davedesigner · February 5, 2019, 12:18pm

Have you tried SpamSieve? SpamSieve: Accurate Spam Filter for Mac

I’ve been using it for years on my Mac. Pretty much sorts out 99+% of spam correctly so it’s not seen but you’ve still got the option of getting stuff that might slips through. You can you also sort IMAP accounts to so your mobile does not get the spam.

Best one one-off payment for software ever

On 5 Feb 2019, at 09:45, grantsymon email@hidden wrote:

I tried fighting spam with gmail, for a year or so, because I’d been told their filters were so great. Turned out they weren’t. Beyond that, fighting spam with ‘post-delivery’ filters seem so pointless to me. You still have to trawl through the messages to check for false positives. What’s the point?

David Owen { Freeway Friendly Web hosting and Domains }

http://www.ineedwebhosting.co.uk | http://www.PrintlineAdvertising.co.uk

freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

gsymon · February 5, 2019, 12:35pm

On 5 Feb 2019, 12:18 pm, David Owen wrote:

Have you tried SpamSieve? SpamSieve: Accurate Spam Filter for Mac

Yes SpamSieve is just a UI on top of Sieve. They are the same thing.

The crux with using it on the server instead of your computer, is that once you’re confident with your Rules, you can choose to Reject at the server. So the message is never received and as far as spammers are concerned the address doesn’t exist. For some Rules, I reject with the message ‘Address Unknown’. The spammers can see in the headers of the reject email, that it has never been received by an email app, so will probably eventually give up on the address. The effect is the same as if you closed/deleted your email account.

Either way, you never see the spam and don’t have to deal with it. Using a mail app to filter means you still have to deal with the spam somewhere along the line. It also makes it easier to implement the two-domain system for email addresses.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

jmuscara · February 5, 2019, 12:36pm

For those that hate or are interested in why CAPTCHAs are the way they are and where they might be going, you might find this article of interest.

freewaytalk mailing list
email@hidden
Update your subscriptions at: