Thanks Nick.

ids When you install the module a JS resource is added to the store. The resource is added to the modules resource group. So when the <mvt:item name="head" param="modules" /> is added to the template the JS resource will render.

Thanks Scot.

This particular store doesn't have any version of a Honey Pot to help filter malicious form submissions. I'll see what I can do there.

Scott

Thanks Nick. I'm thinking I'd need to reconfigure the set up a bit in this specific scenario.

I don't recall seeing the actual JS. What's the mechanism for the ReCaptcha JS to be included on the page? Is it a component Item style call? I haven't had a chance to look at this detail yet.

Thanks,

Scott

ids Is the form that is being submitted rendered on the page?

Under normal circumstances, this is the flow of the reCAPTCHA functionality:
- User view the page.
- Page loads and the reCAPTCHA JS finds the form data configured in the reCAPTCHA settings.
- If found, it hooks the submit (overwrites it so it can make its own request and then trigger the submit).
- User triggers a form submit.
- reCAPTCHA blocks the submit, triggers the reCAPTCHA response token generation, receives the token, inserts the token in the form as a hidden input and then triggers the original submit.

I have seen issues when stores have a lightbox that generates the form or if the form is using JavaScript to submit the form.

Are you using the miva recaptcha moduel? If so, will you screenshot and post your form settings?

As an aside, I was able to completely stop bot/spam attacks completely on contact forms on a couple of sites by replacing all links to the contact page with form submit buttons that are styled to look like links. The form sends a hidden variable that I check for on the contact page. If it's not there I put up a little message saying to call for direct support or whatever the store admin wants. So far this hack has worked 100% for several months now.