1
I have a website made in VB.net and he has a contact form where he has a Google Recaptcha 2 in it and today had a citizen who is able to send messages in this form and going through Recaptcha without any problem. It is always sending from the same IP for now. There is how to improve the security in this form to stop it?
Is there any way you can post the code on this form? If he’s actually breaking the recaptcha, it’s more complicated, but maybe he’s just avoiding (bypassing) the same due to some incorrect configuration either on the page itself or in the server code (where it processes the information sent by the page).
– mgibsonbr
"I’ve surrounded my house but the coyotes keep coming in, how can I make my home safer?" It is equally impossible to answer without examining the house. Put the code or the URL so we can also try to hack and find the fault.
– rodorgas
"Post the code or the URL so we can also try to hack and find the flaw." I think if he posts the URL and many people find the loophole his client will not like... But you and mgibsonbr are right, of course.
– Molx
The solution path is not the captcha system, where you have no control and will always have to wait for new updates from google captcha. Captcha systems including google’s are not security solutions, they’re just add-ons.There will always be simple ways to bypass captcha, my tip is that you work with interval system in the form and IP identification, Blacklist`s, etc... no pube can resist that. Trust me !!
– user49923