3

I have installed google recaptcha v3 in my html form but i'm still getting spam emails, what should i do next to prevent spams ? Any way without using php code only js scripts ?

My code is using this one :

 <script src="https://www.google.com/recaptcha/api.js"></script>

Add a callback function to handle the token.

<script>
   function onSubmit(token) {
     document.getElementById("demo-form").submit();
   }
 </script>

Add attributes to your html button.

<button class="g-recaptcha" 
        data-sitekey="reCAPTCHA_site_key" 
        data-callback='onSubmit' 
        data-action='submit'>Submit</button>
Mohamed Masmoudi
  • 547
  • 1
  • 9
  • 23
  • 2
    Have you checked in Google Console is your recaptcha working fine? What percentage of requests it is blocking? – Zoran Stankovic Oct 05 '20 at 10:19
  • How can i check it in the console ? should i console.log some variables or so ? – Mohamed Masmoudi Oct 05 '20 at 10:41
  • I don't mean on console.log, but on Google control panel. Please check next page: https://www.google.com/recaptcha/admin – Zoran Stankovic Oct 05 '20 at 12:34
  • 1
    Also, check if your website hasn't the email write somewhere on front-end. Any exposed emails will get many spams. If your app send a email to the user when fill the form, maybe the spanner have saved the email to keep sending spams. – Alecell Apr 02 '21 at 21:30

2 Answers2

7

You have to verify the captcha request server side. You are likely getting hit with spambots. Having only client side validation will only work against most humans, not bots.

Bots do not care if your client side has reCAPTCHA as they likely reading your HTML form's action URL and directly sending a POST request to it without your validation script - in short they are bypassing reCAPTCHA and other client side validation.

You should also be warry of posting your email address directly on your site as they often get scraped and spammed as well. Here is an old post that talks about obfuscation of on site email address to prevent spam.

DisappointedByUnaccountableMod
  • 6,656
  • 4
  • 18
  • 22
Sean W
  • 5,663
  • 18
  • 31
0

Try this

function submit(e) {
  e.preventDefault();
  var response = grecaptcha.getResponse();

  if (response.length == 0) {
    //reCaptcha not verified
  } else {
    //reCaptch verified
    document.getElementById("demo-form").submit();
  }
}
<script src="https://www.google.com/recaptcha/api.js"></script>
<form onsubmit="submit();">
  <input type="text" name="name">
  <button class="g-recaptcha" data-sitekey="reCAPTCHA_site_key" data-callback='submit' data-action='submit'>Submit</button>
</form>

Change the right key in there !

questionmaster
  • 9
  • 2