Spam bots easily get around all honeypot features

Started off using Google recaptcha V3, but it was blocking a lot of legitimate submissions, including from ourselves when testing on various devices on various networks.

So we switched to V2 using a plugin which reenabled it, this opened the floodgates to spam, so this is quite useless (unless the plugin has implemented without validating the recaptcha) .

So we used the honeypot field with Flamingo, not a single spam submission included data in the honeypot field, they can simply look for the associated label to see it’s a honeypot.

The time check was a feature I recommended and was implemented, which works great when we worked with Drupal. The problem here is that you’re including the unix timestamp and the timecheck seconds in the HTML, making it obvious to bots how long to wait to submit, or simply change the data in the fields to disable it.

Right now, we have V2 reCaptcha with all honeypot features and we had a lot of spam at the weekend. I’m starting to wonder if there is an issue with our implementation, is anyone else getting these issues?

• This topic was modified 2 years, 6 months ago by joec002.
• This topic was modified 2 years, 6 months ago by joec002.