FWIW, you're not the only one seeing an increase in reCAPTCHA failures / bot + spam submissions recently: https://old.reddit.com/r/webdev/comments/1anu71i/screenshot_from_google_recaptcha_anyone_know/
For your first question, I don't believe there's any custom validation you should need to add, should be able to just use the form element -- that should automatically add the Google JS to enable the reCAPTCHA.
For the second, this stackoverflow thread has some thoughts -- one approach is basically what you're doing: start at 0.5, and then adjust as-needed (and based on details from the Google admin console).
You could also consider implementing a simple honeypot to try and filter out real submissions from bot submissions: https://www.codeart.dk/blog/2020/8/episerver-forms-avoiding-spam-with-a-honeypot/
Hi,
I'm currently grappling with an issue concerning my Episerver form, which integrates a reCAPTCHA element. The reCAPTCHA keys are configured on the Google Console and have been functioning seamlessly. However, in recent days, the site has experienced a significant uptick in form submissions, seemingly originating from bot accounts. These submissions are raising suspicions as they deviate from the typical behavior of genuine users.
I have a couple of specific questions:
Do I need to implement custom server-side validation when using the reCAPTCHA element within EPiServer forms, or is it sufficient to include the reCAPTCHA element with a higher score as part of the form setup?
Is there an ideal score that is advisable when the form is open to submissions?
I've experimented with setting the score to 1.0, which at times blocks genuine requests. Therefore, I reverted to the default score of 0.5. Given the ongoing issue with constant bot account submissions, I've increased the score to 0.6. While I understand that this might not resolve the issue overnight, it serves as a starting point to monitor whether bot submission counts decrease with a score of 0.6. I plan to adjust it further if necessary.
Any insights or guidance on these matters would be highly appreciated.