New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove Web Based Form submissions option #1

BenParizek opened this Issue Mar 12, 2018 · 0 comments


2 participants

BenParizek commented Mar 12, 2018

User reports:

We recently had an issue where our client was hit with a bot spam attack on the forms. We implemented the Invisible Captcha and while testing, we discovered that we could bypass the "Require web-based form submissions" feature which I infer it to mean "require browser form submissions". Our tester was able to generate a successful form, intercept the request and use it to push bot requests via Burp.

As Invisible Captcha is still in beta and we have no intention of upgrading this particular check to Craft 3, let's remove it and write a migration to clean up any related code.

Users can disable this feature on earlier versions of the plugin or update to the latest to remove the issue.


  • James via email

@BenParizek BenParizek added the bug label Mar 12, 2018

@BenParizek BenParizek added this to the v0.8.4 - Bugfix milestone Mar 12, 2018

@BenParizek BenParizek added the c2 label Jul 28, 2018

@BenParizek BenParizek closed this Sep 14, 2018

andrelopez added a commit that referenced this issue Sep 14, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment