reCAPTCHA v3 scores going crazy

         

freitasm

8:39 pm on Jun 17, 2021 (gmt 0)

10+ Year Member Top Contributors Of The Month



Hi folks

We have been using reCAPTCHA v3 for a while and the score distribution has been very consistent over the last couple of years.

Suddenly this went crazy in the last week or so. Without any change in the traffic profile (volume, location, time of day), the volume of suspicious traffic reported went from 3% to about 35%.

This lasted for about five days, went back down to the usual 3% levels, then went up again, this time reaching 50%.

Is anyone seeing something similar on their dashboard?

martinibuster

10:36 pm on Jun 17, 2021 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Organized crime. Do you have IP addys for the attacks?

My server got slammed so hard last night the server went down. Cloud server IP addys from outside the USA.

freitasm

10:42 pm on Jun 17, 2021 (gmt 0)

10+ Year Member Top Contributors Of The Month



Thanks. No, it's not an attack.

As I said, the visitors' profile is the same as before - same proportion of country, visited pages, etc. Just the scores changed but everything else is the same as before.

We have a pretty good handle on traffic and visitors' profile.

NickMNS

11:01 pm on Jun 17, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It could be a similar attack to referral spam, where the attacker sends many requests to the Google Captcha endpoint using your public key. The requests all fail because they don't have your private key, but the attempts do appear in your Captcha analytics. You don't see the requests in your server logs, because no requests were ever made to your server.

freitasm

11:26 pm on Jun 17, 2021 (gmt 0)

10+ Year Member Top Contributors Of The Month



This could be the case in some other scenario, but I have an integration with my backend server that checks for this. All requests are valid requests, have valid action names, and the number of requests matches what I have in my database.

freitasm

3:31 am on Jun 18, 2021 (gmt 0)

10+ Year Member Top Contributors Of The Month



The reCAPTCHA dashboard shows scores with a 48-hour delay. Querying my database, the score distribution for today seems to have gone back to previous values, i.e. about 3% "suspicious traffic". We will have to wait another 48 hours to see if this is reflected on the reCAPTCHA dashboard.
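
An added example, not part of the original posts or any poster's code: the backend checks and per-day score query discussed in the thread, run over constructed siteverify responses. The expected hostname, action names, the 0.5 "suspicious" threshold, the drift factor and the sample data are assumptions; the response fields (`success`, `score`, `action`, `hostname`, `challenge_ts`, `error-codes`) are those of Google's siteverify JSON.

```python
from collections import Counter, defaultdict

# Assumptions for this sketch, not values from the thread:
EXPECTED_HOSTNAME = "www.example.com"
EXPECTED_ACTIONS = {"login", "signup"}
SUSPICIOUS_BELOW = 0.5  # scores run 0.0 (likely bot) to 1.0 (likely human)

def check_verdict(resp):
    """Validate one parsed siteverify response; return (accepted, reason)."""
    if not resp.get("success"):
        return False, "failed:" + ",".join(resp.get("error-codes", []))
    if resp.get("hostname") != EXPECTED_HOSTNAME:
        return False, "hostname-mismatch"  # token minted on another site
    if resp.get("action") not in EXPECTED_ACTIONS:
        return False, "unexpected-action"
    return True, "ok"

def daily_suspicious_share(responses):
    """Return ({day: share of accepted verdicts below threshold}, rejects)."""
    total, low, rejected = defaultdict(int), defaultdict(int), Counter()
    for resp in responses:
        accepted, reason = check_verdict(resp)
        if not accepted:
            rejected[reason] += 1
            continue
        day = resp["challenge_ts"][:10]  # ISO timestamp -> YYYY-MM-DD
        total[day] += 1
        low[day] += resp["score"] < SUSPICIOUS_BELOW
    return {d: low[d] / total[d] for d in total}, dict(rejected)

def drifted_days(share, baseline, factor=3.0):
    """Days whose suspicious share exceeds factor x the usual baseline."""
    return sorted(d for d, s in share.items() if s > baseline * factor)

def _verdict(day, score, action="login", host=EXPECTED_HOSTNAME):
    return {"success": True, "score": score, "action": action,
            "hostname": host, "challenge_ts": day + "T12:00:00Z"}

# Constructed sample data, standing in for stored siteverify results.
SAMPLE = (
    [_verdict("2021-01-01", s) for s in (0.9, 0.9, 0.7, 0.1)]
    + [_verdict("2021-01-02", s) for s in (0.9, 0.3, 0.1, 0.7)]
    + [_verdict("2021-01-02", 0.1, host="other.example"),
       _verdict("2021-01-02", 0.1, action="unknown"),
       {"success": False, "error-codes": ["invalid-input-response"]}]
)

if __name__ == "__main__":
    share, rejected = daily_suspicious_share(SAMPLE)
    print(share, rejected, drifted_days(share, baseline=0.1))
```

Keeping rejected verdicts out of the per-day share separates a real shift in scores for your own traffic from tokens generated elsewhere with the public site key.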

jay5r

10:56 am on Jun 18, 2021 (gmt 0)

10+ Year Member Top Contributors Of The Month



Perhaps you just had a benign crawler hit your site that doesn't know not to load the reCAPTCHA javascript. A high score doesn't mean they're attacking your site, it just means they're a bot. And if they declared themselves correctly (via a known user agent string) they might have been filtered out of other reports - so everything else looks normal.

freitasm

8:41 pm on Jun 18, 2021 (gmt 0)

10+ Year Member Top Contributors Of The Month



Thanks. I know there is no attack on the site at the time of those scores. I am interested to know if other site owners noticed a change in score distribution at around that time.