Bypassed reCaptcha (a lot)
loranger opened this issue · comments
Hello,
I have a very simple contact form with a reCaptcha v3.
As you can see it seems to work properly (and it was).
For a few days now, I have been getting a lot of spam coming from this form: I get one or two (Russian) emails every 2 or 4 minutes (that's the interval I could identify).
And now the sending Google account has been disabled for security reasons.
I tried to dig a little deeper, but I can't figure out how they can bypass reCaptcha.
In my server log files, I can see a GET request followed by a POST, but I can't see what exactly is posted.
log sample

```text
138.199.7.131 - - [13/Jan/2022:15:55:08 +0100] "GET /contact HTTP/1.0" 200 10852 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36" "-"
138.199.7.136 - - [13/Jan/2022:15:55:08 +0100] "GET /contact HTTP/1.0" 200 10852 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36" "-"
138.199.7.131 - - [13/Jan/2022:15:55:08 +0100] "POST /contact HTTP/1.0" 500 2585 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36" "-"
138.199.7.136 - - [13/Jan/2022:15:55:09 +0100] "POST /contact HTTP/1.0" 500 2594 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36" "-"
138.199.7.134 - - [13/Jan/2022:15:56:07 +0100] "GET /contact HTTP/1.0" 200 10852 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.49" "-"
138.199.7.134 - - [13/Jan/2022:15:56:08 +0100] "POST /contact HTTP/1.0" 500 2594 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.49" "-"
185.107.95.212 - - [13/Jan/2022:15:56:22 +0100] "GET /contact HTTP/1.0" 200 10852 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36" "-"
185.107.95.212 - - [13/Jan/2022:15:56:22 +0100] "POST /contact HTTP/1.0" 200 11562 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36" "-"
82.64.106.241 - - [13/Jan/2022:15:57:10 +0100] "POST /contact HTTP/2.0" 200 10852 "catcel-avocat.fr/contact" "insomnia/2021.7.2" "-"
138.199.7.131 - - [13/Jan/2022:15:59:17 +0100] "GET /contact HTTP/1.0" 200 10852 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" "-"
138.199.7.131 - - [13/Jan/2022:15:59:18 +0100] "POST /contact HTTP/1.0" 500 2591 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" "-"
185.191.171.17 - - [13/Jan/2022:15:59:18 +0100] "GET /contact/images/preview/images/preview/images/preview/images/preview/images/preview/images/preview/images/preview/images/preview/images/preview/images/preview/images/preview/images/preview/images/preview/images/preview/send.php HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)" "-"
138.199.7.136 - - [13/Jan/2022:15:59:21 +0100] "GET /contact HTTP/1.0" 200 10852 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36" "-"
138.199.7.136 - - [13/Jan/2022:15:59:22 +0100] "POST /contact HTTP/1.0" 500 2585 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36" "-"
138.199.7.134 - - [13/Jan/2022:16:02:42 +0100] "GET /contact HTTP/1.0" 200 10852 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4400.8 Safari/537.36" "-"
138.199.7.134 - - [13/Jan/2022:16:02:43 +0100] "POST /contact HTTP/1.0" 500 2591 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4400.8 Safari/537.36" "-"
185.107.95.212 - - [13/Jan/2022:16:03:16 +0100] "GET /contact HTTP/1.0" 200 10852 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36" "-"
185.107.95.212 - - [13/Jan/2022:16:03:17 +0100] "POST /contact HTTP/1.0" 200 11507 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36" "-"
138.199.7.131 - - [13/Jan/2022:16:03:29 +0100] "GET /contact HTTP/1.0" 200 10852 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.49" "-"
138.199.7.131 - - [13/Jan/2022:16:03:29 +0100] "POST /contact HTTP/1.0" 500 2591 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.49" "-"
138.199.7.136 - - [13/Jan/2022:16:03:37 +0100] "GET /contact HTTP/1.0" 200 10852 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" "-"
138.199.7.136 - - [13/Jan/2022:16:03:38 +0100] "POST /contact HTTP/1.0" 500 2591 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" "-"
138.199.7.131 - - [13/Jan/2022:16:07:45 +0100] "GET /contact HTTP/1.0" 200 10852 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36" "-"
138.199.7.131 - - [13/Jan/2022:16:07:46 +0100] "POST /contact HTTP/1.0" 500 2594 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36" "-"
138.199.7.136 - - [13/Jan/2022:16:07:56 +0100] "GET /contact HTTP/1.0" 200 10852 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.1; ) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" "-"
138.199.7.136 - - [13/Jan/2022:16:07:56 +0100] "POST /contact HTTP/1.0" 500 2591 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.1; ) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" "-"
138.199.7.134 - - [13/Jan/2022:16:09:25 +0100] "GET /contact HTTP/1.0" 200 10852 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36" "-"
138.199.7.134 - - [13/Jan/2022:16:09:25 +0100] "POST /contact HTTP/1.0" 500 2588 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36" "-"
185.107.95.212 - - [13/Jan/2022:16:10:24 +0100] "GET /contact HTTP/1.0" 200 10852 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36" "-"
185.107.95.212 - - [13/Jan/2022:16:10:25 +0100] "POST /contact HTTP/1.0" 200 11553 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36" "-"
138.199.7.131 - - [13/Jan/2022:16:11:56 +0100] "GET /contact HTTP/1.0" 200 10852 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" "-"
138.199.7.131 - - [13/Jan/2022:16:11:57 +0100] "POST /contact HTTP/1.0" 500 2223 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" "-"
138.199.7.136 - - [13/Jan/2022:16:12:07 +0100] "GET /contact HTTP/1.0" 200 10852 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.86 Safari/537.36" "-"
138.199.7.136 - - [13/Jan/2022:16:12:08 +0100] "POST /contact HTTP/1.0" 500 2222 "https://catcel-avocat.fr/contact" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.86 Safari/537.36" "-"
```
Here is the page's frontmatter header:
contact page

```yaml
title: 'Formulaire de contact'
menu: Contact
process:
  markdown: true
  twig: false
form:
  name: contact-form
  fields:
    -
      name: name
      label: Nom
      placeholder: 'Votre nom'
      autofocus: 'off'
      autocomplete: 'on'
      type: text
      validate:
        required: true
    -
      name: email
      label: Email
      placeholder: 'Votre adresse email'
      type: text
      validate:
        rule: email
        required: true
    -
      name: message
      label: Message
      size: long
      placeholder: 'Saisissez votre message'
      type: textarea
      validate:
        required: true
    -
      name: g-recaptcha-response
      label: Captcha
      type: captcha
      recaptcha_not_validated: 'Captcha non valide !'
  buttons:
    -
      type: submit
      value: Envoyer
  process:
    -
      email:
        from: '{{ config.plugins.email.from }}'
        to: '{{ config.plugins.email.to }}'
        reply_to: '{{ form.value.email }}'
        subject: '[Message] {{ form.value.name|e }}'
        body: '{% include ''forms/data.html.twig'' %}'
    -
      save:
        fileprefix: feedback-
        dateformat: Ymd-His-u
        extension: txt
        body: '{% include ''forms/data.txt.twig'' %}'
    -
      captcha: true
    -
      message: 'Message envoyé !'
    -
      display: thankyou
```
And here are my settings files:
email.yaml

```yaml
enabled: true
from: <the now blacklisted email>
from_name: 'Conciergerie web'
to: <the now blacklisted email>
to_name: null
queue:
  enabled: false
  flush_frequency: '* * * * *'
  flush_msg_limit: 10
  flush_time_limit: 100
mailer:
  engine: smtp
  smtp:
    server: smtp.gmail.com
    port: 587
    encryption: tls
    user: <the now blacklisted email>
    password: <its password>
    auth_mode: null
  sendmail:
    bin: '/usr/sbin/sendmail -bs'
content_type: text/html
debug: false
charset: null
cc: null
cc_name: null
bcc: null
reply_to: null
reply_to_name: null
body: null
```
form.yaml

```yaml
enabled: true
built_in_css: true
inline_css: true
refresh_prevention: false
client_side_validation: true
inline_errors: false
files:
  multiple: false
  limit: 10
  destination: self@
  avoid_overwriting: false
  random_name: false
  filesize: 0
  accept:
    - 'image/*'
recaptcha:
  version: '3'
  theme: light
  site_key: 6LdO1vwUAAAAAOvobpzY3CNQ4Fw_qrjzFTadse8_
  secret_key: <my valid recaptcha secret key>
```
Could you please help me to stop this flood and get my email usage back to normal?
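The thread turns on whether the reCAPTCHA v3 token is actually checked server-side. The following is an added example (not code from the Grav Form plugin or from the issue author) of what a complete v3 check of the `siteverify` response looks like: `success` alone is not enough, because a bot's token can verify with `success: true` and a low score, and a token minted for another site or action still verifies. The 0.5 threshold, the `contact` action name and the `catcel-avocat.fr` hostname are assumptions; the responses are constructed samples so it runs offline.

```python
import json

SCORE_THRESHOLD = 0.5               # assumed policy for this form
EXPECTED_ACTION = "contact"         # assumed action name bound to the form
EXPECTED_HOST = "catcel-avocat.fr"  # hostname seen in the issue's log sample


def verify_v3(raw_json, threshold=SCORE_THRESHOLD,
              action=EXPECTED_ACTION, host=EXPECTED_HOST):
    """Return (accepted, reason) for a reCAPTCHA v3 siteverify JSON body.

    Every check here is one a v3 deployment needs: the token must be valid,
    issued for this hostname and action, and carry a score above policy."""
    try:
        resp = json.loads(raw_json)
    except ValueError:
        return False, "siteverify response is not JSON"
    if resp.get("success") is not True:
        return False, "token invalid: " + ",".join(resp.get("error-codes", []))
    if resp.get("hostname") != host:
        return False, "hostname mismatch: %r" % resp.get("hostname")
    if resp.get("action") != action:
        return False, "action mismatch: %r" % resp.get("action")
    score = resp.get("score")
    if not isinstance(score, (int, float)) or score < threshold:
        return False, "score %r below threshold %s" % (score, threshold)
    return True, "ok"


# Constructed sample responses following the shape of Google's siteverify API.
HUMAN = '{"success": true, "score": 0.9, "action": "contact", "hostname": "catcel-avocat.fr"}'
BOT = '{"success": true, "score": 0.1, "action": "contact", "hostname": "catcel-avocat.fr"}'
REPLAY = '{"success": false, "error-codes": ["timeout-or-duplicate"]}'
OTHER_SITE = '{"success": true, "score": 0.9, "action": "contact", "hostname": "example.org"}'

if __name__ == "__main__":
    for name, raw in [("human", HUMAN), ("bot", BOT),
                      ("replay", REPLAY), ("other site", OTHER_SITE)]:
        print(name, verify_v3(raw))
```

Only the `human` sample is accepted; a check that stops at `success` would also accept `BOT` and `OTHER_SITE`.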
I'm experiencing exactly the same with reCaptcha v3, so I downgraded it to the reCaptcha v2 checkbox, which works for now. Maybe that's a little workaround for the time being until there is a solution for this issue, @loranger.
Thanks for the workaround @robhuijben!
I did downgrade too, but I still receive spam… How can that be!?
I see! It seems that the server side validation does not work properly. Unfortunately I'm not able to discover what is wrong, but maybe @w00fz is? For now I suggest using the honeypot field to prevent bots from spamming your form. Just follow the docs at https://learn.getgrav.org/17/forms/forms/fields-available#honeypot-field.
And for background info I suggest reading this thread on Stack Overflow.
Thanks @robhuijben
I've added a honeypot, but I also created a brand new contact page and updated my form plugin from 5.1.4 to 5.1.5.
I don't know what exactly fixed the issue, but my inbox is now spam-free, and you cannot really imagine how relieved I am.
new contact page
```yaml
title: 'Formulaire de contact'
menu: Contact
form:
  name: contact
  fields:
    name:
      label: Nom
      placeholder: 'Votre nom'
      autocomplete: 'on'
      type: text
      validate:
        required: true
    email:
      label: Email
      placeholder: 'Votre adresse email'
      type: email
      validate:
        required: true
    message:
      label: Message
      placeholder: 'Saisissez votre message'
      type: textarea
      rows: 10
      validate:
        required: true
    honeypot:
      type: honeypot
    g-recaptcha-response:
      label: Captcha
      type: captcha
      recaptcha_not_validated: 'Captcha non valide !'
  buttons:
    submit:
      type: submit
      value: Envoyer
    reset:
      type: reset
      value: Effacer
  process:
    captcha: true
    save:
      fileprefix: feedback-
      dateformat: Ymd-His-u
      extension: txt
      body: '{% include ''forms/data.txt.twig'' %}'
    email:
      from: '{{ config.plugins.email.from }}'
      to: '{{ config.plugins.email.to }}'
      reply_to: '{{ form.value.email }}'
      subject: '[Message] {{ form.value.name|e }}'
      body: '{% include ''forms/data.html.twig'' %}'
    message: 'Message correctement envoyé'
    display: thankyou
```
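One difference between the two contact pages is the order of the `process` actions: the first page lists `email` and `save` before `captcha: true`, the new page lists `captcha: true` first. Grav runs process actions in the order given and a failed captcha only stops the actions after it, so in the first ordering the e-mail is already sent before the token is checked. The following is an added model of that ordering (not code from the Grav Form plugin or the issue author); the action lists and the recipient address are constructed to mirror the two configurations above.

```python
from dataclasses import dataclass, field


@dataclass
class FormRun:
    captcha_ok: bool
    sent_emails: list = field(default_factory=list)
    saved_files: list = field(default_factory=list)
    errors: list = field(default_factory=list)


def run_process(actions, captcha_ok):
    """Run (name, params) actions in list order, as the frontmatter gives them.

    A failed captcha stops the remaining actions but cannot undo side effects
    of actions that already ran, which is the point of putting it first."""
    run = FormRun(captcha_ok=captcha_ok)
    for name, params in actions:
        if name == "captcha":
            if not run.captcha_ok:
                run.errors.append("Captcha non valide !")
                break                                   # stop further actions
        elif name == "email":
            run.sent_emails.append(params["to"])        # irreversible side effect
        elif name == "save":
            run.saved_files.append(params["fileprefix"])
        # `message` and `display` have no side effect worth modelling here
    return run


# Constructed action lists mirroring the first and the new contact page.
OLD_ORDER = [("email", {"to": "owner@example.invalid"}),
             ("save", {"fileprefix": "feedback-"}),
             ("captcha", {}), ("message", {}), ("display", {})]
NEW_ORDER = [("captcha", {}),
             ("save", {"fileprefix": "feedback-"}),
             ("email", {"to": "owner@example.invalid"}),
             ("message", {}), ("display", {})]


def emails_sent_for_failed_captcha(actions):
    """E-mails a submission whose captcha check fails would still trigger."""
    return len(run_process(actions, captcha_ok=False).sent_emails)


if __name__ == "__main__":
    print("old order:", emails_sent_for_failed_captcha(OLD_ORDER))
    print("new order:", emails_sent_for_failed_captcha(NEW_ORDER))
```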