Skip to Content Skip to Menu

Registration Integration using hCaptcha

  • trlbldr
  • trlbldr
  • OFFLINE
  • Posts: 102
  • Thanks: 8
  • Karma: 1
10 months 7 hours ago #336827 by trlbldr
People who attempt to sign up as website users on our website using the CB Registration Form ( usncva.org/about/sign-up.html ) are frustrated by an error message stating "Invalid Captcha Code" even though the hCaptcha plugin affirms they passed.

I have configured CB AntiSpam to use the Joomla (Global) Captcha setting:
 

I turned off Blocking in CB AntiSpam:
 

And I configured the Captcha - CB AntiSpam plugin to use the Global Captcha setting:
 

What else should I do?

Don White

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48541
  • Thanks: 8290
  • Karma: 1445
10 months 7 hours ago #336828 by krileon
Replied by krileon on topic Registration Integration using hCaptcha
I cannot guarantee every 3rd party captcha plugin will work with CB AntiSpam. I've no idea how they're coded, if they require some specific form binding JS, or if they're using Joomla's captcha plugin API properly for validating the captcha. My guess is that plugin just isn't going to work well with CB AntiSpam.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • trlbldr
  • trlbldr
  • OFFLINE
  • Posts: 102
  • Thanks: 8
  • Karma: 1
10 months 5 hours ago #336829 by trlbldr
Replied by trlbldr on topic Registration Integration using hCaptcha

I cannot guarantee every 3rd party captcha plugin will work with CB AntiSpam. I've no idea how they're coded, if they require some specific form binding JS, or if they're using Joomla's captcha plugin API properly for validating the captcha. My guess is that plugin just isn't going to work well with CB AntiSpam.

I'm not asking for a guarantee regarding every 3rd party captcha plugin, no more than I would expect or ask that every 3rd party plugin work with CB. On the other hand, and in light both of the removal of the native Joomla ReCaptcha plugin and of Google's reorientation of ReCaptcha - promoting the new, paid ReCaptcha Enterprise, discontinuance of ReCaptcha v2 and v3 while leaving Invisible ReCaptcha, it seems that hCaptcha would be worth integration with CB.

The introduction of MFA removed the need to use a Captcha tool to login to a Joomla 5 website. But MFA cannot be used with the CB Registration Form since the prospective user hasn't yet set up unique user credentials before selecting the Sign Up button.

Oh, well. Just random thoughts from a non-developer. Thanks for reading.

Don White

Please Log in or Create an account to join the conversation.

  • Xlym
  • Xlym
  • OFFLINE
  • Posts: 52
  • Thanks: 9
  • Karma: 0
9 months 4 weeks ago #336830 by Xlym
Replied by Xlym on topic Registration Integration using hCaptcha
I can confirm that CB Anti Spam works perfectly by adding Captcha to my registration, login, contacts, and password reminders and resets.

I was receiving 60 spam emails before using CB Anti Spam.
After using CB Anti Spam, I received 0 spam emails.
The following user(s) said Thank You: krileon

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48541
  • Thanks: 8290
  • Karma: 1445
9 months 4 weeks ago - 9 months 4 weeks ago #336835 by krileon
Replied by krileon on topic Registration Integration using hCaptcha

I'm not asking for a guarantee regarding every 3rd party captcha plugin, no more than I would expect or ask that every 3rd party plugin work with CB. On the other hand, and in light both of the removal of the native Joomla ReCaptcha plugin and of Google's reorientation of ReCaptcha - promoting the new, paid ReCaptcha Enterprise, discontinuance of ReCaptcha v2 and v3 while leaving Invisible ReCaptcha, it seems that hCaptcha would be worth integration with CB.

I'm not sure were you read the reCaptcha v2 and v3 are discontinued. You can generate keys for them perfectly fine. reCaptcha Enterprise is just that enterprise. It's meant for large scale businesses to have a much stronger and tailored captcha. I wouldn't expect smaller sites to ever need that.

Both hCaptcha and Cloudflare Turnstile are planned to be implemented. This is noted below on our CB AntiSpam ticket tracker (this is all public, feel free to see what's coming next for other plugins!).

forge.joomlapolis.com/projects/cb-cbantispam/issues

CB AntiSpam also includes its own internally generated captcha. This can be customized per-site. Makes it more difficult to be defeated by bots and you can change it regularly as needed. One huge benefit of it is it includes image question based captcha. So you can add questions that are specific to the topic of your website that your users would be expected to know. Most bots just completely fail these.

The introduction of MFA removed the need to use a Captcha tool to login to a Joomla 5 website. But MFA cannot be used with the CB Registration Form since the prospective user hasn't yet set up unique user credentials before selecting the Sign Up button.

MFA should work perfectly fine with CB. What issues are you having with setting it up? Ensure the "params" field is set to display on registration as it's responsible for outputting the MFA fields. If MFA isn't working as it should that's certainly something we need to fix.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Last edit: 9 months 4 weeks ago by krileon.

Please Log in or Create an account to join the conversation.

  • trlbldr
  • trlbldr
  • OFFLINE
  • Posts: 102
  • Thanks: 8
  • Karma: 1
9 months 4 weeks ago #336840 by trlbldr
Replied by trlbldr on topic Registration Integration using hCaptcha

I'm not sure were you read the reCaptcha v2 and v3 are discontinued. You can generate keys for them perfectly fine. reCaptcha Enterprise is just that enterprise. It's meant for large scale businesses to have a much stronger and tailored captcha. I wouldn't expect smaller sites to ever need that.

Yes, Google allows one to add a site to your reCaptcha account for v3 or v2:
 

The CB AntiSpam plugin does not allow one to select reCAPTCHA v3:
 
Note that Google reCaptcha v3 is not included in the list and that Invisible cannot be created from one's Google account.

And CB AntiSpam allows these reCAPTCHA modes:
 
Note that "Invisible" cannot be created from one's Google reCaptch account.

CB AntiSpam also includes its own internally generated captcha. This can be customized per-site. Makes it more difficult to be defeated by bots and you can change it regularly as needed. One huge benefit of it is it includes image question based captcha. So you can add questions that are specific to the topic of your website that your users would be expected to know. Most bots just completely fail these.

I had to build a work-around using the Honeypot variant. To do this successfully, I set the Captcha field in General Configuration to use the CB AntiSpam plugin. This was guesswork on my part; very little documentation exists in the CB Primer.
Since this is an internal operation, it's use is, for us, akin to an article of faith. Our website is hit with hundreds of malware and hacking attempts even though no classified information is published on the site. Keywords associated with U.S. Navy, communications, and cryptology are the driving factors.

MFA should work perfectly fine with CB. What issues are you having with setting it up? Ensure the "params" field is set to display on registration as it's responsible for outputting the MFA fields. If MFA isn't working as it should that's certainly something we need to fix.

I did not complain about MFA and its use with CB. My point was, and is, that MFA is useless with the CB Registration Form since the person attempting to register does not have a user account; that's the purpose for using the Registration Form.

Don White

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum