Thread

EE CAPTCHA not stopping bot submissions

October 03, 2017 12:29pm

Subscribe [2]
  • #1 / Oct 03, 2017 12:29pm

    ipatrick

    75 posts

    I’m currently using the EE CAPTCHA functionality on the member registration page. But I’m getting at least 100 bogus registrations each day. The website admin approval process is getting overwhelmed by these fake registrations.

    Can anyone suggest a better form CAPTCHA that works with EE? The built in one doesn’t work and isn’t worth using.

    ExpressionEngine is up to date (2.11.9)

  • #2 / Oct 25, 2017 8:01pm

    Derek Jones's avatar

    Derek Jones

    7176 posts

    Sadly CAPTCHA is not good enough to stop spammers by itself. Most these days are paid humans using a script to help them register en masse, but their software pops up prompts to let them type in CAPTCHA, etc. It’s sickening to see some of the YouTube videos, but that’s the sad reality.

    Have you found a pattern to the source? You may find it beneficial to block certain traffic at the firewall level, not even letting it reach ExpressionEngine. Also make sure you are requiring self-validation (though their software helps them make that quick too), and that you have not disabled any of ExpressionEngine’s security features, like “Secure Forms”, the CSRF protection. Lastly, you can augment the built-in CAPTCHA with a honeypot, or even better, a tool like Snaptcha.

ExpressionEngine News

#eecms, #events, #releases