reCAPTCHA Version 2 works, but I got SPAM over formular

7 replies · opened Jul 25, 2021

OovetterJul 25, 2021

Hallo,
now I try to use reCAPTCHA 2 , but I receive SPAM.
attachment

Formularcode:


						
														

								Kurzmitteilung

								

								

                               	  
										
											
										
									

									
										
											
										
										
									
								  
										
											
										
										
																		
									
									
									
                                    
                                    
                                     
										
										
                                        
                                                         
   
                                    
                                 Email abschicken
                                    
                                

							
                          
                      

**
File form.php:**

 'redaktion@elbsandsteingebirge.de', // Your Email Address
				'name' => 'Redaktion Elbsandsteingebirge Verlag' // Your Name
			);

/*-------------------------------------------------
	Sender's Email
---------------------------------------------------*/

$fromemail = array(
				'email' => 'info@elbsandsteingebirge.de', // Company's Email Address (preferably currently used Domain Name)
				'name' => 'Elbsandsteingebirge Portal' // Company Name
			);

/*-------------------------------------------------
	reCaptcha
---------------------------------------------------*/

// Add this only if you use reCaptcha with your Contact Forms
$recaptcha_secret = '6LeIE7MbAAAAAF8SazPWwVXiKHiP0DzeIGMOIjj6'; // Your reCaptcha Secret

/*-------------------------------------------------
	PHPMailer Initialization
---------------------------------------------------*/

$mail = new PHPMailer();

/* Add your SMTP Codes after this Line */

// End of SMTP

/*-------------------------------------------------
	Form Messages
---------------------------------------------------*/

$message = array(
	'success'			=> 'Wir haben **erfolgreich** Ihre Mail erhalten und werden uns kurzfristig zurückmelden.',
	'error'				=> 'Die Email **konnte nicht** zugestellt werden. Es trat ein unerwarteter Fehler auf. Bitte kontaktieren Sie uns per Telefon.',
	'error_bot'			=> 'Ein Internet Bot wurde erkannt! Die Mail wurde nicht versandt! Bitte versuchen Sie es später noch einmal!',
	'error_unexpected'	=> 'Es trat ein **unerwarteter Fehler** auf. Bitte versuchen Sie es später noch einmal!',
	'recaptcha_invalid'	=> 'Captcha not Validated! Bitte versuchen Sie es noch einmal!',
	'recaptcha_error'	=> 'Captcha not Submitted! Bitte versuchen Sie es noch einmal!'
);

/*-------------------------------------------------
	Blocked Words from Forms
---------------------------------------------------*/

$spam_keywords = array(
	'viagra',
    'querdenker',
    'afd', 
    'faschist',
    'nazi', 
    'hass', 
    'idiot', 
    'ausländer',
    'hitler',
	'cialis',
	'levitra'
);

/*-------------------------------------------------
	Form Processor
---------------------------------------------------*/

if( $_SERVER['REQUEST_METHOD'] == 'POST' ) {

	$prefix		= !empty( $_POST['prefix'] ) ? $_POST['prefix'] : '';
	$submits	= $_POST;
	$botpassed	= false;

	$message_form					= !empty( $submits['message'] ) ? $submits['message'] : array();
	$message['success']				= !empty( $message_form['success'] ) ? $message_form['success'] : $message['success'];
	$message['error']				= !empty( $message_form['error'] ) ? $message_form['error'] : $message['error'];
	$message['error_bot']			= !empty( $message_form['error_bot'] ) ? $message_form['error_bot'] : $message['error_bot'];
	$message['error_unexpected']	= !empty( $message_form['error_unexpected'] ) ? $message_form['error_unexpected'] : $message['error_unexpected'];
	$message['recaptcha_invalid']	= !empty( $message_form['recaptcha_invalid'] ) ? $message_form['recaptcha_invalid'] : $message['recaptcha_invalid'];
	$message['recaptcha_error']		= !empty( $message_form['recaptcha_error'] ) ? $message_form['recaptcha_error'] : $message['recaptcha_error'];

	/*-------------------------------------------------
		Bot Protection
	---------------------------------------------------*/

	if( isset( $submits[ $prefix . 'botcheck' ] ) ) {
		$botpassed = true;
	}

	if( !empty( $submits[ $prefix . 'botcheck' ] ) ) {
		$botpassed = false;
	}

	if( $botpassed == false ) {
		echo '{ "alert": "error", "message": "' . $message['error_bot'] . '" }';
		exit;
	}

	/*-------------------------------------------------
		SPAM Protection
	---------------------------------------------------*/

	function spam_keyword_check( $submitted, $spamwords ) {
		if( is_array( $submitted ) ) {
			return false;
		}
		if( !is_array( $spamwords ) ) $spamwords = array( $spamwords );
		foreach( $spamwords as $spamstring ) {
			if( ( $position = stripos( $submitted, $spamstring ) ) !== false ) return $position;
		}
		return false;
	}

	foreach( $submits as $spam_submit ) {
		if( spam_keyword_check( $spam_submit, $spam_keywords ) ) {
			// A successful message is displayed to the submitter that makes him think that the Form has been sent so that he cannot modify the keywords to prevent SPAM
			echo '{ "alert": "success", "message": "' . $message['success'] . '" }';
			exit;
		}
	}

	/*-------------------------------------------------
		reCaptcha
	---------------------------------------------------*/

	if( isset( $submits['g-recaptcha-response'] ) ) {

		$recaptcha_data = array(
			'secret' => $recaptcha_secret,
			'response' => $submits['g-recaptcha-response']
		);

		$recap_verify = curl_init();
		curl_setopt( $recap_verify, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify" );
		curl_setopt( $recap_verify, CURLOPT_POST, true );
		curl_setopt( $recap_verify, CURLOPT_POSTFIELDS, http_build_query( $recaptcha_data ) );
		curl_setopt( $recap_verify, CURLOPT_SSL_VERIFYPEER, false );
		curl_setopt( $recap_verify, CURLOPT_RETURNTRANSFER, true );
		$recap_response = curl_exec( $recap_verify );

		$g_response = json_decode( $recap_response );

		if ( $g_response->success !== true ) {
			echo '{ "alert": "error", "message": "' . $message['recaptcha_invalid'] . '" }';
			exit;
		}
	}

	$template	= !empty( $submits['template'] ) ? $submits['template'] : 'html';
	$html_title	= !empty( $submits['html_title'] ) ? $submits['html_title'] : 'Kurzanfrage von elbsandsteingebirge.de';
	$forcerecap	= ( !empty( $submits['force_recaptcha'] ) && $submits['force_recaptcha'] != 'false' ) ? true : false;
	$replyto	= !empty( $submits['replyto'] ) ? explode( ',', $submits['replyto'] ) : false;

	if( $forcerecap ) {
		if( !isset( $submits['g-recaptcha-response'] ) ) {
			echo '{ "alert": "error", "message": "' . $message['recaptcha_error'] . '" }';
			exit;
		}
	}

	/*-------------------------------------------------
		Auto-Responders
	---------------------------------------------------*/

	$autores	= ( !empty( $submits['autoresponder'] ) && $submits['autoresponder'] != 'false' ) ? true : false;
	$ar_subject	= !empty( $submits['ar_subject'] ) ? $submits['ar_subject'] : 'Thanks for your Email';
	$ar_title	= !empty( $submits['ar_title'] ) ? $submits['ar_title'] : 'Its so good to hear from You!';
	$ar_message	= !empty( $submits['ar_message'] ) ? $submits['ar_message'] : 'Autoresponder Message';

	preg_match_all('#\{(.*?)\}#', $ar_message, $ar_matches);
	if( !empty( $ar_matches[1] ) ) {
		foreach( $ar_matches[1] as $ar_key => $ar_value ) {
			$ar_message = str_replace( '{' . $ar_value . '}' , $submits[ $ar_value ], $ar_message );
		}
	}

	$ar_footer	= !empty( $submits['ar_footer'] ) ? $submits['ar_footer'] : 'Copyrights © ' . date('Y') . ' **SemiColonWeb**. All Rights Reserved.';

	$mail->Subject = !empty( $submits['subject'] ) ? $submits['subject'] : 'Formularanfrage von www.elbsandsteingebirge.de';
	$mail->SetFrom( $fromemail['email'] , $fromemail['name'] );

	if( !empty( $replyto ) ) {
		if( count( $replyto ) > 1 ) {
			$replyto_e = $submits[ $replyto[0] ];
			$replyto_n = $submits[ $replyto[1] ];
			$mail->AddReplyTo( $replyto_e , $replyto_n );
		} elseif( count( $replyto ) == 1 ) {
			$replyto_e = $submits[ $replyto[0] ];
			$mail->AddReplyTo( $replyto_e );
		}
	}

	foreach( $toemails as $toemail ) {
		$mail->AddAddress( $toemail['email'] , $toemail['name'] );
	}

	$unsets = array( 'prefix', 'subject', 'replyto', 'template', 'html_title', 'message', 'autoresponder', 'ar_subject', 'ar_title', 'ar_message', 'ar_footer', $prefix . 'botcheck', 'g-recaptcha-response', 'force_recaptcha', $prefix . 'submit' );

	foreach( $unsets as $unset ) {
		unset( $submits[ $unset ] );
	}

	$fields = array();

	foreach( $submits as $name => $value ) {

		if( empty( $value ) ) continue;

		$name = str_replace( $prefix , '', $name );
		$name = mb_convert_case( $name, MB_CASE_TITLE, "UTF-8" );

		if( is_array( $value ) ) {
			$value = implode( ', ', $value );
		}

		$fields[$name] = $value;

	}

	$files = $_FILES;

	foreach( $files as $file => $filevalue ) {

		if( is_array( $filevalue['name'] ) ) {

			$filecount = count( $filevalue['name'] );

			for( $f = 0; $f IsHTML(true);
					$mail->AddAttachment( $_FILES[ $file ]['tmp_name'][ $f ], $_FILES[ $file ]['name'][ $f ] );
				}
			}

		} else {

			if ( isset( $_FILES[ $file ] ) && $_FILES[ $file ]['error'] == UPLOAD_ERR_OK ) {
				$mail->IsHTML(true);
				$mail->AddAttachment( $_FILES[ $file ]['tmp_name'], $_FILES[ $file ]['name'] );
			}

		}

	}

	$response = array();

	foreach( $fields as $fieldname => $fieldvalue ) {
		if( $template == 'text' ) {
			$response[] = $fieldname . ': ' . $fieldvalue;
		} else {
			$fieldname = '
								' . $fieldname . '
							';
			$fieldvalue = '
								' . $fieldvalue . '
							';
			$response[] = $fieldname . $fieldvalue;
		}
	}

	$referrer = $_SERVER['HTTP_REFERER'] ? '

Das Formular stammt von: ' . $_SERVER['HTTP_REFERER'] : '';

	$html_before = '
				
					
						
						
							
								
									';

	$html_after = '
								
							
						
					
				
			';

	if( $template == 'text' ) {
		$body = implode( "
", $response ) . $referrer;
	} else {
		$html = $html_before . '
									
										
											
												' . $html_title . '
											
										
									
									

									
									
										' . implode( '', $response ) . '
									

									
									
										
											
												
													
														' . strip_tags( $referrer ) . '
													
												
											
										
									
									' . $html_after;

		$body = $html;
	}

	if( $autores && !empty( $replyto_e ) ) {
		$autoresponder = new PHPMailer();

		/* Add your Auto-Responder SMTP Codes after this Line */

		// End of Auto-Responder SMTP

		$autoresponder->SetFrom( $fromemail['email'] , $fromemail['name'] );
		if( !empty( $replyto_n ) ) {
			$autoresponder->AddAddress( $replyto_e , $replyto_n );
		} else {
			$autoresponder->AddAddress( $replyto_e );
		}
		$autoresponder->Subject = $ar_subject;

		$ar_body = $html_before . '
					
						
							
								' . $ar_title . '
							
						
					
					

					
					
						
							' . $ar_message . '
						
					

					
					
						
							
								
									
										' . $ar_footer . '
									
								
							
						
					
					' . $html_after;

		$autoresponder->MsgHTML( $ar_body );
	}

	$mail->MsgHTML( $body );
	$mail->CharSet = "UTF-8";
	$sendEmail = $mail->Send();

	if( $sendEmail == true ):

		if( $autores && !empty( $replyto_e ) ) {
			$send_arEmail = $autoresponder->Send();
		}

		echo '{ "alert": "success", "message": "' . $message['success'] . '" }';
	else:
		echo '{ "alert": "error", "message": "' . $message['error'] . '

**Reason:**
' . $mail->ErrorInfo . '" }';
	endif;

} else {
	echo '{ "alert": "error", "message": "' . $message['error_unexpected'] . '" }';
}

?>

Please help ...
Thanks

SSemicolon WebSTAFFJul 26, 2021

Hello,

We have checked the Forms Code and they appear to be fine. The standard Honey-Pot spam protection works and also reCaptcha v2. But please note that SPAM Bots are always evolving. SPAM that are coming through are not really Bot SPAMs but looks like Human SPAM which can’t be prevented directly. You can provide us with your FTP Details and we can setup reCaptcha v3 for you which should be more effective.

Hope this Help!

Let us know if we can help you with anything else or if you find any further issues.

OovetterJul 27, 2021

Hallo,
what you need to setup reCAPTCHA v3 ?

Can I solve this by my self?
I am not authorized to provide the FTP access.

I use Canvas V5.

Thanks O.Vetter

SSemicolon WebSTAFFJul 27, 2021

Hello,

The reCaptcha v3 Codes should work fine out of the Box by default provide that the reCaptcha api v3 keys and key permissions are correctly configured according to your Website.

Use this Code in the HTML File replacing the Old reCaptcha v3 Codes:
[ch_pre]

grecaptcha.ready(function() {
	grecaptcha.execute('YOUR-SITE-KEY', {action: 'contact_page'}).then(function(token) {
		// add token value to form
		document.getElementById('g-recaptcha-response').value = token;
	});
});

[/ch_pre]

and for the include/form.php File we have attached the Latest File here.

Hope this Helps!

Let us know if we can help you with anything else or if you find any further issues.

OovetterJul 27, 2021

Hallo ,
what means:

// add token value to form
document.getElementById('g-recaptcha-response').value = token;

I only understand, that I have to input my 'YOUR-SITE-KEY'.

Must I change also other values ?

Thanks O.Vetter

SSemicolon WebSTAFFJul 27, 2021

You will just need to change YOUR-SITE-KEY in the Codes. And then your Secret Key in the include/form.php File.

That's it.

OovetterJul 28, 2021

Hallo,
I try it next week. I'm in vacation.

Thanks.

SSemicolon WebSTAFFJul 28, 2021

Sure. Please do let us know if you are facing any further issues.

Safe Vacations. :)

Have the same question, or something new?

Sign in to the Canvas dashboard to reply or open your own topic. Canvas owners get direct help from the SemiColonWeb team.

Reply on the dashboard