Provides a simple and modern way to prevent spam bots from submitting in your Blocs contact forms.
No checkbox to enable, just an easy-to-use image captcha.
It’s nice to see that someone is attempting to address the issue of form spam, but is reCapture really the way to go? I know it’s great business for Google because it allows them to add even more tracking code onto web users, but ultimately, it’s not the best defence against spam - particularly now that it is without a challenge. Machine learning (which is what invisible reCapture uses) means that determined spammers will come up with machine generated bypass methods.
I feel a better thing to develop would be a new form bric that can included hidden fields which can be set to pre-filled values or must remain empty. There should also be an option to direct forms to external form scripts, many of which now have some fairly nifty spam detection.
That said, I have to admit, the only spam received from the Blocs form script comes from the manual form-fillers sitting in front of a computer screen. Spam-Bots don’t usually get very far with a Blocs form because the email address is well hidden and most spam bots harvest email addresses.
On the rare occasion I’ve received spam from a Blocs form, it only inconveniences me - the form script doesn’t appear too susceptible to acting as a spam gateway which could affect thousands of other people.
To use a real belt and braces method of dealing with the manual spammers (which is where the real problem lies with website forms) is to have the form direct to a cloaked email address before being forwarded to a real email. By doing this, if the volume of spam becomes a real problem, just change the cloaked email address on the website form and delete the old one.
Anyway, I’m sure some may find it useful, but I’m wondering how many Blocs websites have been badly affected by spam?
@tjones - thanks - everyone’s support is appreciated !
@hendon52 - I can kind of see some your objections, but I would like to give some more info & my reasons for doing this:
First & foremost, it does have an effective challenge - that would be the image/audio captcha matching - bots can’t make the leap to understand which random image to click.
‘Honey traps’ or non-filled in inputs are the old way to detect bots & those can easily be detected by the bot looking at the styling & avoiding those traps. I thought about putting one in but, due to it’s inherit weakeness & the new captcha will already block those bots, it seemed a mute point.
If you have a real concern about human spammers, then sure, set up a ‘spam’ email on your hosting account & use that directly in the form. Then, as you say, if it becomes a problem, change it.
Invisible reCAPTCHA is an easy way to deal w/ the next generation of spam bots that DO submit to website forms, i.e. they are turning to this method, ‘through the back door’, as they’ve already been blacklisted through typical isp blacklisting methods.
It’s meant as a useful tool for your web design ‘toolbox’.
Once I received your email and downloaded the BRIC, I installed it in Blocs 3.2 Build 5
And the BRIC reCAPTCHA does not appear in the BRIC manager of Blocs.
I do not know if it’s a mistake of mine or your Bric with Blocs 3
Yeah, install through Window > Extension Manager
And make sure you can see it in the bric popup under Misc group at bottom. If not, then need to toggle Bric > Toggle Custom Brics on/off
Edit: And yes, you probably will need to restart Blocs for the new Bric to load - sorry I forgot to mention that
I’ve just purchased @Bill’s reCAPTCHA bric and installed it with the Extension Manager. It didn’t show up in my copy of Blocs v3.1.2 too, even when I used the Bric > Toggle Custom Brics on/off option. However quitting Blocs and then restarting the app again made the bric appear for me. Happy days!
The Invisible reCAPTCHA bric currently uses an image captcha (google captcha v2). I’ll take a look at v3, but my gut reaction is that it will require a lot more technical knowledge and settings management than most will be comfortable with
Hi @Bill. I finally got around to adding your reCAPTCHA bric to my site today. I watched your video again, and followed the procedure you demonstrated - although I found the Google interface has changed a little since you recorded your movie, i.e. I had to select reCAPTCHA v2 first, and then chose the Invisible option. I copied the key into Blocs. Copied the name of the form and added it to your bric. Exported my site and FTPed it to my server. However the reCAPTCHA badge doesn’t appear
Have you got any words of wisdom on what I’ve done wrong, and what I could try to resolve this issue please? Thanks.
From what I have been able to find out there is really nothing different than doing the v2 version, the only thing is that you get a different key from Google. v3 is certainly a lot more user friendly, end user that is. I have used it on other non-Blocs sites and the setup was almost identical to what you currently have for the v2 version.
I took a few minutes to look over the v3 google specs: Well, it would require a bunch more back-end integration and checking and you would probably have to set a score to prevent it being sent and then constantly check your google admin panel to monitor the scores coming through and see if any legitimate submittals were blocked. Although I’m still not sure if it will allow back-end verification to prevent the spam bot from submitting the form initially, which if it doesn’t, defeats the purpose of having it