Invisible ReCaptcha V3 and missing required field triggers hacker attack warning

  • azurelinksc
  • Offline
  • Senior Member
  • Senior Member
More
4 weeks 1 day ago #9236 by azurelinksc
Hola Jose,

I am also having an issue with a warning message on an RSForm! Pro form which says, "A sequence has been detected that could mean a hacker attack. Your request cannot be processed."

I tested the form with all fields completed and it submitted fine. Then I tested it with a required field empty (Phone) and got that warning message. The SCP firewall log record says, "Line comments :[POST:form] ".

I should mention that this problem seems to have started after I installed and enabled Google Invisible ReCaptcha 3.

I then disabled the Invisible ReCaptcha 3 plugin and did the following two test submits:

1. Form test with required Phone field empty — Got the RSForm! Pro (which I created) "This is a required field."

2. Form test with required Phone field completed — Form submitted properly and redirected to Thank You page.

So it would maybe SCP and Invisible ReCaptcha V3 are not playing well together? Maybe Invisible ReCaptcha v3 is creating code that triggers SCP? Is the first warning text about the "hacker attack" from SCP or Google?

is that warning message from Google or SCP? (I'd like to edit it if there isn't a workaround.)
 

Please Log in or Create an account to join the conversation.

More
4 weeks 1 day ago #9237 by Jose
Hola azurelink!

The "line comments" filter can cause false positives like this, so you have to add the extension reported in the log as exception (just select the log and click on the add exception button). This will solve your issue.

Take note that this issue will not always arise; it depends of the Google recaptcha field sent (that changes on every refresh).

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • azurelinksc
  • Offline
  • Senior Member
  • Senior Member
More
4 weeks 1 day ago #9238 by azurelinksc
Thanks for your quick reply, Jose.
I always worry that if I add extensions as exceptions, does this mean that SCP is no longer monitoring the activity (of the form, in this case) and it can therefore be hacked?

Please Log in or Create an account to join the conversation.

More
4 weeks 1 day ago #9239 by Jose
You're welcome!

Adding a component as exception doesn't affect the security as if there is a vulnerability reported for it the exception will be ignored. And in this case the 'line comments' filter is part of the 'sql injection' protection, that has other filters to protect against that kind of attacks.

Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.167 seconds