• Resolved semidark

    (@semidark)


    Hey,

    I just found and installed your Plugin to stop an ongoing brute force attack on a customer website. Everything seems nice, but the Captcha seems to get surmounted by the attacker without any problems.

    I can’t imagine that there is a real person solving all those captchas, so I looked into the security of the reCaptcha V2. It seems it is not too hard for Attackers to automate the task of solving the captcha. Are there any plans to upgrade to reCaptcha V3?

    Thnx
    Semidark

    • This topic was modified 2 years, 3 months ago by semidark.
Viewing 1 replies (of 1 total)
  • Thank you for your email and the suggestion regarding v3 of reCaptcha.

    reCaptcha v3 works in a different way – here is the description from Google:
    reCAPTCHA v3 allows you to verify if an interaction is legitimate without any user interaction. It is a pure JavaScript API returning a score, giving you the ability to take action in the context of your site: for instance requiring additional factors of authentication, sending a post to moderation, or throttling bots that may be scraping content.

    You can certainly add v3 to your site by using a different plugin, but there are issues to be aware of. v3 generates a score that you can act upon, but there is no way for a user to prove that they are a genuine user (e.g. by solving a challenge). If you were to lock out a user’s account and take away the ability to prove they are not an attacker, there could be real difficulty getting back into your system.

    I hope this helps.

    Kind regards,

    GuardGiant team.
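
An added example, not part of this thread and not GuardGiant's code: one way to act on a reCAPTCHA v3 score at login without the lockout problem described in the reply, by mapping the siteverify JSON to "allow", "step up" (an additional factor or a solvable challenge) or "throttle and step up" instead of a hard block. The thresholds, function name, decision labels and `example.com` hostname are assumptions; the sample responses are constructed.

```python
import json

# Assumed thresholds for illustration; tune them against your own traffic.
ALLOW_AT = 0.7    # at or above: treat as a normal login attempt
STEP_UP_AT = 0.3  # below this: also rate-limit the source

# Constructed siteverify response bodies (not captured from a real site).
SAMPLES = {
    "high": '{"success": true, "score": 0.9, "action": "login", "hostname": "example.com"}',
    "mid": '{"success": true, "score": 0.5, "action": "login", "hostname": "example.com"}',
    "low": '{"success": true, "score": 0.1, "action": "login", "hostname": "example.com"}',
    "wrong_action": '{"success": true, "score": 0.9, "action": "comment", "hostname": "example.com"}',
    "failed": '{"success": false, "error-codes": ["timeout-or-duplicate"]}',
}


def login_decision(raw_response, expected_action="login", expected_host="example.com"):
    """Map a v3 siteverify JSON body to a login-flow decision.

    Returns "allow", "step_up" or "throttle_and_step_up". No outcome is a
    hard lockout, so a genuine user with a low score can still prove
    themselves through the step-up path (second factor, e-mail link, or a
    solvable challenge).
    """
    try:
        data = json.loads(raw_response)
    except (TypeError, ValueError):
        return "step_up"  # unreadable verdict: fall back to a challenge
    if not isinstance(data, dict) or not data.get("success"):
        return "step_up"  # invalid, expired or replayed token
    # A token issued for another action or site says nothing about this login.
    if data.get("action") != expected_action or data.get("hostname") != expected_host:
        return "step_up"
    score = data.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return "step_up"  # missing or malformed score
    if score >= ALLOW_AT:
        return "allow"
    if score >= STEP_UP_AT:
        return "step_up"
    return "throttle_and_step_up"


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, "->", login_decision(body))
```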

  • The topic ‘reCaptcha v2 gets surmounted’ is closed to new replies.