Hello Yofie Setiawan,

I tried the default captcha too, but this is nothing against these spambots. Per day I get 50-100 spam emails now and needed to deactivate my contact formulars. Otherwise I will get inserted in a junk database and cant communicate anymore with my customers.

There is only a workarround to use the old Google Invisible reCaptcha, but this is not really a solution. Official the Joomla-Team removed the support of the Google reCaptchas with the release of Joomla 5. Thats allmost 1 year ago. Looks like nobody had this on their paper.

I am really sad I was not able in a few days to implement my own captcha. It was allmost working.

I hope we get a real solution soon or at least a answer that they work on it. Google is not really a solution anymore after they changed everything about the reCaptcha and want money now earlier. Google is even a problem, because of the data policy. We need a inbuild solution in the form_builder from Joomshaper.

Have a nice day!

Best regards Pascal

"Otherwise I will get inserted in a junk database and cant communicate anymore with my customers."

Can you explain more about that "junk database"? Should i also be concern?

Hi again,

the thing is the contact formular is sending emails with our email credentials over our webprovider. Somewhere in Joomla we set the SMTP settings for it.

In this case bots are sending spam over it and maybe in a high frequence. The webprovider of the receiver email adresses will check if our emails are spam and insert us in some of the official junk mail databases. If other email servers are using these databases we cant send emails anymore to our real customers. It allready happen to me.

Normally we use a email server and it ip address with other customers of our webprovider. It is possible that all other customers get trouble, because of us.

It is not good when bots send emails with our contact formulars.

Best regards Pascal

Hello Melissa Waldrup-Old,

thats the thing. We cant go with the time now and use the newest Joomla etc. without workarrounds. Thats not good at all.

Joomla 5 got released in october 2023. Thats allmost one year ago. With this release the Joomla team removed all Google reCaptchas. And I explained the reason above. Even because of data policies its not a option to use Google reCaptcha. On the end Google can even block our form_builder formulars and we get no informations. If Google want they just stop the submit. For example, when we reach the new limit for the reCaptcha Enterprise.

I really dont want to understand why Joomshaper dont have it on the paper. It is a very important thing. Without the Form_Builder my customers cant connect me on a easy way.

I have a lot of customers they use the Form_Builder and its just essential. I am paying since 2021 for the Agency subscription and payed 299 Euro per year. Maybe one time with a discount on halloween. But now the prices went up to 399 Euro per year. 25% more. Thats just wow!

When I look back how much trouble I got. I found still a lot of bugs. I dont know if this is the way I want to go in the future. I needed to fix a lot with own CSS code.

Now we are waiting over 48h. Joomshaper maybe dont care or just dont have a solution yet. I really hate it when companies dont answer or wait more then 24h.

I am really unhappy about the situation. Joomshaper should know ;-)! I am not the first guy that write about it. Allmost 1 year and no update about it. Normally a company like Joomshaper should have a product manager. Maybe he sleeped?

@Joomshaper. Would be nice when you get in and explain: Are you working on a solution? Did you check the problem about it?

Thank you in advance!

Best regards Pascal

Unfortunately, we may be waiting a while due to an internet outage.

https://www.joomshaper.com/forum/question/34046

Ah, thank you for the information. I did not notice it.

Hello Stuart Clark,

I am quite sure this is an option that will work.

I tried it by my own and failed. But I was able to select my captcha from the admin.php menu. So thats easy. The problem is the sourcecode of the site.php. I integrated my own captcha, saw a picture. I was even able to display a nice textbox that we can type the captcha code in. But I was not able to verify the captcha.

I am quite sure a Joomshaper developer with experience can do this in just 8 hours. I am not a PHP developer and was allmost there in 2 days, ...

It is not that hard to develope something thats more secure then the 3 * 1 expression. Thats something the most bots calculate and it is not helping against these bots. Even it is the same expression with a simple question / answer. Not a good solution. Would be better to have something random + the characters need to be overlapped with some lines etc. That will stop a lot of bots allready. I know this, because I am using it in my own php formulars from the past.

I hope Joomshaper will jump in, understand the problem and bring us a solution. Still cant belief thats he release of Joomla 5 is almost a year ago and nobody checked this. But the SP Page Builder is a product for Joomla. All updates normally need to trigger the team and not us.

Best regards Pascal

Hello Toufiq,

thank you for your short answer!

It would be nice when your team and you are working with a priority on it. Just, because there is allmost one year gone allready after the Joomla 5 release and since then the problem born.

From now a lot of people cant use the form_builder and dont get new customers or the customers get angry. It is not a nice situation at all. In my opinion you guys was sleeping in this case ;-).

Even some customer of me are angry at me now. They have for example some healthcare formulars and get only spam and there email provider allready messaged them. Then generator no business now. This can be a problem for me too and for all other SP Page Builder user. Normally, as entrepreneurs, we are liable for these damages.

Just this week is really annoying. I get only phone calls about this problem and I have to explain why and I have no real solution yet.

Best regards Pascal

In my point of view Joomla CMS should introduce new captcha function. We are trying to figure out the captcha issue. Please stay with us and allow us time. Thank you

I have shared this topic with our development team. We need to wait for their decision regarding the addition of a third-party CAPTCHA. Additionally, we need to consider which CAPTCHA would be most appropriate on a global scale. I hope you will understand.

Hello @Toufiq,

thank you for your answer!

In my optionion you guys need to go two ways.

1. You need a own good working captcha in SP Page Builder, that we have no dependencies to any other company. They can just shut there service down or want more money etc. You need to be prepared for this or we all have a problem.

2. It would be nice when we can use all Captcha Plugins that are installed in Joomla. This will open the market for everybody.

3. We Third-Party captchas can be a option, but look at Nr. 1. We need for sure a own one first. I developed one by my own and it is just proctecting me in the most cases. But I know the most captchas are not 100% secure anymore. But a own puzzle captcha etc. or a picture with a lot of lines are better then the basic one of you with the 3 * 1 question / answer. Thats nothing for the bots currently.

Have a nice day!

Best regards Pascal

We are trying to figure out which will be the best and not to be depended third-party.

Yes, our development team informed me that we can add Google reCAPTCHA to the discontinued Joomla CMS. And we have to think about the future core updates of Joomla. Thanks

You're missing the point ONCE AGAIN!

Forget Google reCaptcha!

SIMPLY MAKE USE OF THE STILL SUPPORTED JOOMLA CAPTCHA PLUGIN SYSTEM - THE ONE WHICH LETS YOU SELECT ANY INSTALLED CAPTCHA AS SITE DEFAULT WITHIN GLOBAL SETTINGS!

WHY are you making this so complicated???

Got it. Thanks

I have explained the process to our team.

If i install any captcha plugin it should be display on form builder or contact form as like global configuration captcha option.

Thanks

CORRECT!

Thanks & Cheers!

We will try to add this feature within few days. Please allow us time. Thanks

ALL these SECURITY fixes should be your top priority!

Thanks for your reply and making this a priority, Toufiq!

Our development team is actively working on the CAPTCHA issue. We expect to have a solution implemented as soon as possible. Thank you for your patience.

Our developer team is working hard to release some issues. Besides, captcha need to re-design that's why we need time to implement this feature. I hope you will understand the sitiuation. Thanks

Hello @Toufiq,

thank you for your answer!

I am happy that your team and you are aware now of the issue and that you are working on it.

The thing is Joomla removed it for over 12 months ago, because of the very bad changes and regulation of Google. Normally a product manager of your side had the job to know and understand these kinds of problems ;-). We cant change it now. But in the future it would be nice when you look arround whats going on. Your product is based in Joomla. Joomla was not writing a lot about it to be honest so its hard to check it after the release. But you guys should at least ask yourself why did Joomla remove these plugins. There was some reasons. I needed to understand it by myself too ;-). Took me some days.

The next thing is a lot of guys before me started a thread or talked about it on the internet and nobody reallty noticed the issue. From my side as a IT expert I dont know. I dont want to point everytime 12 months later on problems normally.

It is allready a good feeling, that you guys understood the problem and that you are working on it!

On the end we need a good working and secured solution for the future. So from now it does not matter how many more days it will take. Soon as possible is fine, but it need to work on the end :-)!

Have a nice day and good luck!

Best regards Pascal

Hi Pascal,

Thank you for your message and for bringing this to our attention. We appreciate your patience and understanding regarding the situation.

We understand that Joomla removed this feature over a year ago due to significant changes and regulations from Google. Ideally, our product management team should have been more aware of these developments and the underlying reasons for such removals. Moving forward, we will certainly strive to stay more informed about the changes within Joomla and other platforms that our product relies on.

We acknowledge that this issue has been raised multiple times by other users, and we regret that it wasn't addressed sooner. Your expertise and the time you’ve taken to understand and explain the problem are greatly valued.

Our team is committed to providing a secure and functional solution as soon as possible. We want to ensure that the final result is robust and reliable, even if it takes a bit more time to achieve.

Thank you once again for your understanding and support. Have a great day!

Best regards,

Toufiqur Rahman (Team Lead, Support)

What we are planning to implement.

I have explained the process to our team.

If i install any captcha plugin it should be display on form builder or contact form as like global configuration captcha option.

Thanks

Hello Toufiq,

can you tell us some kind of time indication?

The thing is even the workarround with the install of the Google Invisible Captcha Plugin V2 etc. is not working anymore.

Like allmost all website visitors get a unlimted amount of tasks and its like a loop for them. So nobody can even look into the websites anymore. The Google Invisible Captcha is above everything.

On the other hand I get very big scam and my webhoster allready called me that there are to much traffic at all and it can result in a ban. Thats not good.

A lot of guys like me need these contact formulars to get new customers. And my customers need them too for the advertising. This can really kill and remove us from the market.

Normally these scripters have to go in prision for sending spam and make our work impossible.

Thank you in advance!

Best regards Pascal

We're almost there. We're aiming to release it by the end of this week.

We have resolved the issue. Currently, we are working on adding a new feature that supports third-party captcha integration for form builder, contact forms, and opt-in forms, which is why it is taking some time. Thank you for your patience.

Sounds great! Looking forward to it!

We have added hcaptcha inital. If you have any recommendation, Please let us know. We try to add in the future. Thanks

Hello Toufiq,

nice to hear, that your team and you fixed it!

When is the new release available?

Thank you in advance and have a nice day!

Best regards Pascal

Please check the latest version. Thanks

We just added a compatibility of hcaptcha. If you any recommendation, Please let us know. Thanks

Would be better to have a solution on our servers.

This is a initial solution to prevent spaming. We will think about it in future.

The next thing is, customers can now write something in the form_builder fields, click on submit and if they forgot to accept the hcaptcha all the written information get removed and I get no message. Thats not good. Normally the form_builder should save all information and check if the captcha is set or not.

I have informed our developer team to fix this issue.

I forgot something. It would be nice too, if we can select the "Default selected Joomla captcha" and then we can set it global in Joomla instead of set it manually in each of the 100 pages ;-).

We have recently integrated the CAPTCHA function within the Page Builder. Similar to how the Article Addon requires a category selection before displaying articles, the CAPTCHA function also needs to be selected from the CAPTCHA section within the Page Builder.

Hello Toufiq,

for now to prevent the spamming, it is okay :-)! In the future we need a own JOOMSHAPER CAPTCHA on our server. This would be insane! Thats a big value for us then.

Is it not possible to select a "Default Joomla Captcha" on each page in the SP Page Builder once. And after it if we change the default Joomla Captcha the SP Page Builder Form_Builder is using it too. I mean for me its just one new item in the drop down menu ;-). To use the default one or just one of the available once.

Now if the hcaptcha is not good or they turn there services off I need to select again 100 pages per customer and again and again. If I had a option "use the joomla default one" instead, it do it now once and its fine. Then I can change it in one global menu.

Best regards Pascal

We will consider developing our own reCAPTCHA; however, I cannot confirm it at the moment due to server dependencies. Additionally, I will communicate your other request to our development team and get back to you once I receive their feedback. Thanks for understanding.

Hello Toufiq,

thank you for your time :-)!

For now its fixed and I can work again. For the future we will see. A own reCAPTCHA, that works on our own webservers would be the best solution at all.

But we need still to fix this bug now that customers can write something in the fields and submit everything without the answered captcha and then all field informations are gone ;-). Otherwise customers will just leave our websites.

Have a nice day!

Best regards Pascal

I already informed this issue to our team. Allow us time. Thanks

I appretiate your suggestion. But, Our system doesn't have this function. If you look how the Article Addon requires a category selection before displaying articles, the CAPTCHA function also needs to be selected from the CAPTCHA section within the Page Builder.

Hi Paul,

Maybe you want to try this Aimy Captcha, let me know how do you think...

https://extensions.joomla.org/extension/aimy-captcha-less-form-guard/ https://www.aimy-extensions.com/joomla/captcha-less-form-guard.html

Aim captcha isn't ready for the page builder & Could someone please provide me with a staging site to resolve this issue more quickly? I have checked it on my own server but couldn't identify the problem. I apologize for the inconvenience and need your assistance. I'll aim to have a hotfix ready by tomorrow.

Hello Toufiq,

what I mean is there must be some kind of bypass in the SP Page Builder Form_Builder to send just spam again or it is, because the hcaptcha have the same issues then the Google Invisible reCAPTCHA.

As a human I found no way to just click on the button.

I changed it on 3 websites now and everybody get still spam.

Best regards Pascal

We trying to figure out the issue. Please allow us time to solve this issue. Thanks

Definitely seeing the same thing on our website...

Please download this patch & check the issue.

https://drive.google.com/file/d/1b_RpPz06GgS0ijSPnhZcnT8SR-Ky1lvD/view

We just checked by bot. But, Bot can't bypass the captcha. Thanks

Hello Toufiq,

we will see. If I will get still spam, then something is wrong ;-)!

In this case I will write again.

Best regards Pascal

Let me know the update.

Hello Toufiq,

I installed your patch on friday on 3 websites.

What I can say is: On friday, saturday and sunday I got no single spam email.

I think you guys maybe found the issue in the patch. (SP Page Builder v.5.3.6 (18) - Captcha-Patch).

Best regards Pascal

I think we can release it globally. Thanks

CK spam protection is not compatible with the Page Builder.

Hello Steve,

if you mean you are using the 2+3 calculation captcha text fields, thats nothing against these bots.

You need to use hCaptcha and these spamers are gone.

And I am not sure, I used the 5.3.6 (18) patch of the SP Page Builder above from the Google Drive. Maybe this patch is not included in the official versions.

Best regards Pascal

Could you kindly grant me access to your Joomla administrator area so that I can investigate the issue you're experiencing? Prior to providing access, please ensure that you have backed up your site. Additionally, it's important to note that providing login credentials is entirely voluntary on your part; we respect your decision either way. However, if you do choose to share the login details, it would greatly expedite the resolution process. Thank you for your cooperation.

Hi Pascal, thanks for the tip. I hope that this will soon come to a good end with a fix.

Unfortunately, I cannot easily rely on hCaptcha, as this requires many points regarding the GDPR. Among other things, it must be explained in the EU

• that hCaptcha sets a cookie in your browser,
• why they collect user data via hCaptcha,
• how long they store the data,
• why they pass the data on to hCaptcha,
• what legal basis enables them to do so (Art. 6 para. 1 lit. a GDPR)
• and that users can object to the collection of data at any time.

The whole thing then via opt-in in the cookie banner and the privacy policy must be adapted. I don't want to explain this to my customer and expect them to do so...

That's why I continue to use the “2+5 calculation” out of necessity.

It would be great and necessary if Joomshaper would allow captchas from any third-party providers, e.g. SecureImage. hCaptcha - that's my opinion - is unfavorable for EU customers of Joomshaper in any case.

Best regards

You can use invisible re-captcha. Thanks

See hidden Content.

What about hcaptcha?

It's the same. It comes also from USA. Unfortunately, I cannot easily rely on hCaptcha, as this requires many points regarding the GDPR. Among other things, it must be explained in the EU

that hCaptcha sets a cookie in your browser,
why they collect user data via hCaptcha,
how long they store the data,
why they pass the data on to hCaptcha,
what legal basis enables them to do so (Art. 6 para. 1 lit. a GDPR)
and that users can object to the collection of data at any time.

The whole thing then via opt-in in the cookie banner and the privacy policy must be adapted. I don't want to explain this to my customer and expect them to do so...

That's why I continue to use the “2+5 calculation” out of necessity.

It would be great and necessary if Joomshaper would allow captchas from any third-party providers, e.g. SecureImage. hCaptcha - that's my opinion - is unfavorable for EU customers of Joomshaper in any case.

Best regards

We will try to implement the new captcha system. Allow us time. Thanks

Do you have any suggestions?

The hCaptcha is already added compatiblity. Did you try?

Yes, a secure solution on our own servers

We will add new captcha system. But, We need time.

Can you provide me your site login credential to check your issue?

Note:

1. I will set my email address to check the spamming
2. Also, I will check user registration issue.

Hello Toufiq,

thank you for your answer.

I wrote parallel the problem to your team via email. They said they will take it serious and implement black- and whitelists. This is a kind of protection on top and is easy to implement.

We need this, because russian AI bots can solve hCaptcha tasks. At all there are even people they get payed to write scam, spam, advertising emails to us over the contact formulars.

hCaptcha did not answer me. I needed to use a completly different email address, because there system is bugged. Later in the hCaptcha account there is not even a option to change the email address. I hate third party dependencies.

The thing is the most came with the russian language and symbols or from .ru domain addresses. With a blacklist these spam get just blocked before they can send it with the SP Page Builder Form Builder.

At all I have customers they get emails by humans and these humans are sending a lot of emails too over it. But they dont want to get emails of them anymore. These customers got blocked allready in the PBX / phones. In this case its not the allready blocked email address of the "customer". It is your own email address of the contact formular.

There is no antispam proctection implemented for these cases. hCaptcha will block maybe 60-70%. Maybe more if the secure level get higher. But the most people are not able to solve these 2-3 tasks. The hCaptcha is not able to block these spam from real people or AI. But a blacklist / whitelist for words in the fields, domain-adresses, email addresses will do that. Then I can use all letters of the russian alphabet and the spam stopped.

Best regards Pascal

Hello Pascal,

Thank you for sharing your detailed feedback and concerns.

1. Can you suggest a CAPTCHA solution that you think will best suit your needs and address these issues effectively?
2. In the meantime, we have improved the Google Invisible reCAPTCHA in our system, and we highly recommend giving it a try. It might provide a better balance between usability and protection.
3. I will also share your suggestions regarding the blacklist/whitelist implementation with our development team to explore how we can enhance the SP Page Builder Form Builder further.

Best regards,

Toufiqur Rahman (Team Lead, Support)

We will introduce new function on next release. I hope it will fix the issue. Wait for the next release. Thanks

Did you try this feature?

https://www.joomshaper.com/documentation/sp-page-builder/configuring-cloudflare-turnstile-captcha

Hello @Toufiq,

its another third party dependency. We dont have the full control over it - it can be shutdown or it will be another subscription soon. Joomla just removed the Google Captchas from the core, without any message in advance. There are reasons for it.

It is not helping against real humans in rooms in (click farms), because real humans are writing and spaming.

I just dont want, that people can write with there russian alphabeth in our text fields or from specific domain adresses. That we would get 0 spam at all with the hCaptcha. But the problem are these people. They are not stopping to use our contact formulars to send us spam.

Everyday 1-2 messages of these spamers are enough for my customers to contact me everyday again. Its killing my business. Its not like they send 100-1.000 messages in one day, ... Just the point you cant stop them doing this is frustrating. Only a black- whitelist can help. How I said months ago allready. Cant be that hard with the help of ChatGPT to build a included JoomShaper solution to be honest. Full control in one paid product.

Best regards Pascal

You can control how much data a user can send within a specific time frame by setting a rate limit.

https://prnt.sc/I5g8UB1exMfr

Hello @Toufiq,

I saw that. But its not helpful for real people spamer that send 1-2 emails per day. Maybe they even log in with different hotspots and the proctection is not working.

How I said a blacklist would block them 100%. They use evertime the same texts, email adresses or words that can be blocked. Cant belief nobody implemented these kind of basics allready.

That I am sitting hear and hear this shit spam is still there since 12 months is not good for my business. It got reduced, yes, but there is no protection for real people they just fill out the contact forms and solve the captcha with there own hands.

Best regards Pascal

Hello Toufiq, hello Ofi, hello Pascal,

it's the same for me. Unfortunately still. And I have also been waiting for a solution for more than 12 months with an agency plan.

My customers receive masses of SPAM messages, so that the form is hidden for most customers. It's hard to explain by now...

Joomshaper, please understand the following points:

1. Google captcha are not possible in the EU
2. hCaptcha or Turnstile must be included in the privacy policy for each customer and thus require a lot of effort for my customers and also for me - this is also not possible or cannot be communicated to the customer
3. the rate limit does not work (see link to post below)

We finally need a solution that allows third-party providers (e.g. SecurImage), our own functioning captcha and/or - as suggested by Pascal - blacklists.

No matter what is done, it is time that this problem is solved. We don't need a new feature like “Dynamic Content” as long as basic things like contact forms don't work. Please focus on this current problem in future releases.

It is also important to know that even the rate limit does not work. In this post (https://www.joomshaper.com/forum/question/38241) there is some exchange with Ofi as well as screenshots from my customers, which prove that despite a rate limit of 4 messages per hour, far more SPAM messages are still being delivered.

In my opinion, captchas and rate limits can therefore still be circumvented. The FormBuilder is, as Pascal quite rightly said, sadly just a “SPAM sending machine”. It is simply unusable in its current version.

Best regards...

Can you share a screencast video about the issue?

Note: If you change your internent then you will get new ip then you can send new mail. But, If you try to send a mail using same ip then you can't sent multiple email (depend on your rate limit settings).

Hello Toufiq, thank you very much for your reply. I can't send a video of it, but you can have a look at the screenshots under the following post (https://www.joomshaper.com/forum/question/38241#qa-answer-192157) in the hidden content and talk to Ofi. There are too many SPAM messages being sent despite the rate. Thanks for the help in advance and best regards...