I have a huge problem with my reCAPTCHA! Spammers can send their ugly stuff even if I have reCAPTCHA “installed” on my website. I have created my own skin for reCAPTCHA and I have read their wiki to make sure that I did everything right, but unfortunately something went wrong.
Here’s how I have done it:
Form
<!-- reCAPTCHA -->
<div class="paddingbottom-5">
  <div style="border: 1px solid #d1d1d1; width: 300px;">
    <div id="recaptcha_image"></div>
  </div>
</div>
<!-- reCAPTCHA: Textfield -->
<input type="text" name="recaptcha_response_field" id="recaptcha_response_field" tabindex="5">
<!-- reCAPTCHA: Reload -->
<a href="javascript:Recaptcha.reload()" class="noborder-link">
  <img src="'.ICON.'arrow-circle-double-135.png" alt="" class="image-icon-right">
</a>
</div>
Configuration (is stored below the require_once('configs/required/classes/class.recaptchalib.php'); in the same file as the form)
$response = recaptcha_check_answer(
    CAPTCHA_PRIVATE,
    IPADDRESS_NOHASH,
    $_POST['recaptcha_challenge_field'],
    $_POST['recaptcha_response_field']
);
CAPTCHA_PRIVATE contains my private key for reCAPTCHA which is linked to the right address (duh). IPADDRESS_NOHASH looks like this: define('IPADDRESS_NOHASH', get_realip());. The function “get_realip()” looks like this:
function get_realip() {
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}
I also have this function in JavaScript to apply my custom theme:
var RecaptchaOptions = {
    theme: 'custom',
    custom_theme_widget: 'recaptcha_widget'
};
I have made the class file for reCAPTCHA (class.recaptchalib.php) prettier (it now has the same structure as the form structure, for example) and I have also removed everything that belongs to the MailHide API because I don’t use that API – only reCAPTCHA’s API.
What’s wrong? Have I missed something?
Thanks in advance!
Recaptcha is definitely not UNbreakable by spambots. I developed an OCR solution on my own within 12 hours from scratch and was able to break reCaptcha and the Yahoo-Captchas. (In Python, C and Java, using only third-party libraries for reading jpeg/gif/png.) Actually, it’s an easy task for a good programmer.
Anyway, reCaptcha will stop “beginners”.
The best way to get rid of spam is to add some honey-pots to your website. Usually, this works the best. Of course, such a custom-solution takes a little time, but surely not longer than one day.
There are many (easy) tricks for honeypots, which you may find on Google. For example, hidden text fields (using CSS) and so on. In my case, I don’t need captchas at all, since I added a bot-trap with a few lines of code.
Good luck! 🙂
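A sketch of the hidden-field trap the answer above describes, added here as an example and not the answerer's or the asker's own code. It goes beyond the answer by also signing the form's render time so that instant submissions are rejected; the field names, the secret placeholder and the time thresholds are all assumptions.

```php
<?php
// Added example; every name, the secret and the thresholds are hypothetical.
const TRAP_FIELD  = 'website';   // decoy input that people never see or fill
const TRAP_SECRET = 'REPLACE-WITH-RANDOM-SERVER-SIDE-SECRET'; // placeholder
const MIN_SECONDS = 3;           // assumed: faster than this is not a person
const MAX_SECONDS = 3600;        // assumed: older forms must be reloaded

// Timestamp plus HMAC, so the client cannot forge or backdate the render time.
function trap_token(int $now): string {
    return $now . ':' . hash_hmac('sha256', (string) $now, TRAP_SECRET);
}

// Markup to echo inside the <form>: the decoy is moved off-screen with CSS.
function render_trap_fields(int $now): string {
    return '<div style="position:absolute;left:-9999px" aria-hidden="true">'
         . '<label>Leave this field empty <input type="text" name="' . TRAP_FIELD
         . '" tabindex="-1" autocomplete="off"></label></div>'
         . '<input type="hidden" name="form_token" value="' . trap_token($now) . '">';
}

function is_probable_bot(array $post, int $now): bool {
    // A browser always submits the decoy, and a person leaves it empty.
    if (!isset($post[TRAP_FIELD]) || $post[TRAP_FIELD] !== '') {
        return true;
    }
    $raw = $post['form_token'] ?? '';
    $parts = is_string($raw) ? explode(':', $raw, 2) : [];
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return true;
    }
    [$issued, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $issued, TRAP_SECRET), $mac)) {
        return true;   // token altered or not issued by this server
    }
    $age = $now - (int) $issued;
    return $age < MIN_SECONDS || $age > MAX_SECONDS;
}

// Constructed sample submissions: [POST data, time of submission].
$t0 = 1700000000;
$ok = ['website' => '', 'form_token' => trap_token($t0), 'comment' => 'Hello'];
$samples = [
    'person'       => [$ok, $t0 + 25],
    'filled decoy' => [['website' => 'http://spam.example'] + $ok, $t0 + 25],
    'instant post' => [$ok, $t0],
    'forged token' => [['form_token' => ($t0 - 60) . ':deadbeef'] + $ok, $t0 + 25],
];
foreach ($samples as $label => [$post, $now]) {
    printf("%-13s %s\n", $label, is_probable_bot($post, $now) ? 'rejected' : 'accepted');
}
```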