ExpressionEngine 2, ExpressionEngine 3, ExpressionEngine 4

Back to this add-on's main page
View Other Add-ons From PutYourLightsOn


You must be logged in to post.

False Positives Snaptcha v1.7.6 EEv2.10.3

Support (Resolved)

Luke Hardiman
Luke Hardiman

Hi Ben, we have Snaptcha on our travel website enquiry forms and we are getting a lot of false positives. Of course, enquiries are central to our business (we need them to do any at all), so this is a major showstopper in terms of using Snaptcha.

I have progressively reduced security from high to medium to low, and it doesn’t seem to have made any difference.

We typically get 40-50 enquiries a day, and today I have 4 blocked submissions in the log for today. I suspect all 4 are genuine submissions. At least 2 are, because the client was kind enough to email us and mention that she was blocked and paste in our custom error message.

I checked our analytics and she is on Chrome, running Windows 10.

The error shown in the log is as follows (for all of our recent blocks):
‘Snaptcha field not blank’

I have turned Snaptcha off for now, but we are now facing a deluge of spam so any help you could give us would be gratefully received. I have tried all other spam blocking options and Snaptcha is the last one in a long line so I am at my wits end.

I had my field name prefix set to ‘snap’ if that is of any help at all.

# 1

Hi Luke, thanks for providing so many details along with your question. Eliminating false positives completely is challenging, yet we fully understand the importance of it.

The error message that you are seeing, “Snaptcha field not blank”, on the low security setting indicates that users are submitting the form with text in the the hidden Snaptcha field. The question is, assuming your form is set up correctly, why is this happening, and the most likely explanation in my opinion is a browser plugin or some browser behaviour such as autocompletion of form fields. Either way, it is caused by the user’s browser, of which you have no control.

I’d love to be able to be of more help, but for now the only practical advice I can offer is to change the field name prefix to something new and a bit more obscure, and to make your error message very explicit and ask users to contact you directly if they experience any issues. Please let us know if that makes any difference and feel free to email us if you’d like us to help investigate further.

Luke Hardiman
# 2
Luke Hardiman

Thanks Ben, it would be great if we could tell Snaptcha to just flag the positives and let them through, or just log them and do nothing else. Also it would be useful to be able to record what is injected into the hidden field. Perhaps with a view to whitelisting certain keywords or terms injected by browser plugins or form autocomplete behaviour.

At the moment we can either block the spam or not block it, with little capability of understanding how the false positive came about.

# 3

These are good ideas Luke, I’ll take at look and see if we can work those in to the add-on. By the way is this an EE3 install? Only the Snaptcha 2 branch (for EE3) is being actively developed. Please email me if not and we can work something out.