Testing recaptcha v3

[rongreen]

I just added recaptcha v3 to my form and everything seems to be functioning as expected with the form. So I am wondering how one can test to see if it is really working, that is the captcha? Thanks!

[crispy68]

You need to upload your form to your server and then test it.

[rongreen]

Yes, I did upload it and ask you recommended tested it and it behaved normally. What can I do to trigger the captcha, anything? Or, does it have to come from a suspected inquiry or attempt to access?

[crispy68]

I'm not sure how you can test to see if working properly or not. As long as there are no errors on the page from it and your form is working then I suspect it is also working. Are you getting spam? If not, then I would suspect it is working.

[rongreen]

Thanks Crispy68. I was getting spam and that is why I added it. I suspect it is like as you noted that it is now a wait and see.

[rongreen]

I determined that a way to get feedback if things are working, if using google captcha V3, is to go to https://www.google.com/recaptcha/about/ and look at the analytics for your site.

[BaconFries]

To be honest there is really no 100% guarantee using any of the Captcha methods available to stop you getting spammed. They all have there good points but in the end they cant stop someone manually filling your form 100 or a 1000 times.
There are extra methods you can add such as using a "Honey Pot" or using server sided validation see the following
Anti spam features in forms. You can even try blocking IP ranges via htaccess on your server downside to this you can block legit users along as non if coming from within that IP range. In the end you can slow spam but there will always be some that gets through and this is what you will have to except and simply delete.

[gofrank]

If the incoming spam from your form includes the IP address of the sender (which it should), you can do a reverse IP lookup to find out from where the spam is originating. I just had a client who was receiving repeated submissions from Moscow, Russia. Doing a search for Russian IP ranges, I was able to isolate the IP group causing the problem and block those addresses in Control Panel. My client informed me all the incoming spam immediately ceased.

As Bacon suggests, honeypots are a good solution for many cases. While my client has a honeypot on her form, spam was still being submitted. It could be the spammers have come up with a way to detect honeypots and bypass them. Something to consider if you are plagued by spam.

[rongreen]

You are correct that my form reports the IP and that is a great idea to trace its origin. Thanks for the recommendation.

[BaconFries]

It could be the spammers have come up with a way to detect honeypots and bypass them. Something to consider if you are plagued by spam.

The old saying “Where there's a will, there's a way” So not to worry in anyway they can use a variety of tools to help them detect honeypots, such as: Send-safe Honeypot Hunter. Kippo. Cowrie...