DotNetNuke DNN Sites getting spam registrations – How to stop them

In recent weeks, many of our DNN websites have systematically been targeted for Spam New User Registrations. There has been some discussion around the how and why, and as much as we can tell, the problem is this:
1. Some script kiddy has bothered to write a bot that finds DNN websites. It is not even a good bot, because it is not capable of validating registrations to automated active email addresses. (If you are the creator of the bot… “YOU ARE DOING IT WRONG” as it is not going to bring the Google results you are looking for.)
2. The bot will attempt access to: /?ctl=Register
3. This brings into play the default DNN registration process module.
4. This page is currently available if your site has either Public or Verified registrations enabled.
5. Tricks on derating the bot by raising the password complexity appeared to work a short time only.
6. Enabling the inbuilt Captcha is as good as useless, as almost any OCR application can break it.
7. A better simple solution is needed.

ReCaptcha is the FIX that is working well

Here at InteractiveWebs, we decided that we would enable Recapcha (a cleaver Google Initiative ) that is harder to be machine broken, and test the results. We found that all the spam registrations stopped once Recaptcha was used.
To do this we created two Free DNN Modules to add Recaptcha to the URL that this bot is using to register on sites. The two modules are to support DNN 6.2 +  and 7x +.
The modules replace the standard captcha control to a recaptcha
From this:
To this:
DNN Spam Registration Stop
This is a good link explaining how Recaptcha came into existence, and why it works well:

The Free Solution and Installing iWebs Regsiter

The free modules are available of download here:
To install them and fix your site you will need to follow the instructions below:

Step 1 – Register your site for Recaptcah

Go to:  and register your domain, or domains. This will give you the ability to use recaptcha on your DNN sites on any domain you like.
DN Google Recaptcha

Step 2 – Copy the Public Key and Private Key for your Domain

You are going to need they keys that this site provides:
DNN Recaptcha Keys
Similar to these.

Step 3 – For you DNN site, Turn on the DNN Captcha system.


DNN Enable Captcha

Step 4 – Download and Install iWebs – Register

Install our “iwebs- register” module, making sure you pick the one that is for your DNN version.

  • DNN 6.2 And laters: iWebsRegister (at time of writing this)
  • DNN 7 and later:  iWebsRegister (at time of writing this)

Once installed, you need to add the module to a page as you would any other. We recommend adding it to it’s own page in the DNN Admin menu, and keeping the page Admin Only.
DNN Recaptcha Module Downlaod DNN Recaptcha Module

Step 5 – Configure the iWebs Register Module.

The module you are looking for is called: iWeb’s – Register – You can select the Settings from the module drop down as you would any other DNN module.
DNN Module Settings
Enter the Public Key and Private Keu information that you received from your Google Recaptcha registration of your domain. THEN SELECT UPDATE to save the information.
DNN Captcha Settings

Step 6 – Install the Register Control

After saving your public and private keys by clicking “update” you are ready to:
Click on the “Install Register Control”
This will inject the recaptcha setting into your website. So when you hit any registration URL ( /?ctl=Register) you now get the recaptcah box.

Update to V2 of Recaptcha

Google has released what they call V2 of Recaptcha. We have update the module to support this. The process of updating to V2 goes like this.
1. By default, previously created recaptcha keys are V1. Any updated installs of our module will need to be put into V1 mode (in the settings) to keep working with your V1 keys that you have previously configured into the module. So after updating our module to the latest release, go into the module settings and enable V1 mode for the module to keep working.
2. V2 recaptcha is better than V1. So we would suggest that all users of the module update to V2. To do this, you update our module to the latest release, then go into the Google Recaptcha management page, and delete your domains security keys, then generate new keys for V2. They have instructions on that process, all be is hard to understand.
Once you have new V2 recaptcha keys, you update these new keys back into our module and ensure that the V1 mode is NOT enabled. The V2 recaptcha will then run on your site.

To Remove and Uninstall

Step 1. From the iwebs – Register module settings, click the “Restore Register Control”

DNN Remove Recaptcha

2. Uninstall the iwebs – Register module as you would any other DNN module.



This was a quick solution to some script kiddies attempt to attack DNN. I’m actually struggling to find the purpose (if you wrote the bot and you are reading this, I would love to hear why).  There is little threat by the registrations that I can find. More annoying that anything else. While Recaptcah can be broken, it would take some smarts or costs to use online services for the bot, so I suspect they will not bother and recaptcha will reign for this problem. In any case, if they spend some time and effort making the bot work for recaptcah, it is easy enough for us to implement some of the loads of other solutions available to stop them.


We included a donation button. If you find the solution, blog, research we did, modules we created and responses we provide to be helpful. Please consider throwing us a few $

Website Developer Sydney

125 thoughts on “DotNetNuke DNN Spam Registrations Problem Fixed”

  1. Hi. Thanks for this – will give it a try. The reason they’re doing it is to leave SEO backlinks on the Biography section of the site so they can charge for “quality SEO backlinking”.
    I see our DNN5 sites are now being hit too! They’ve obviously run out of DNN6 and 7 sites to ruin 🙂

    1. Dustin… that is strange as it has stopped ours. Double check that your registration url that we mention in the article has the recaptcha enabled. This will check that you have installed it correctly. Also double check that any additional domains on the portal are registered for rechaptch with Google. This will make sure that the recaptcha is displayed on all domains that register. Lastly, turn on Authentication for registration in DNN. This will let you see the email addresses that are not authenticated and are actually spam.

      1. Do you know if implementing this will impact on automated registrations implemented in eCommerce solutions – I am specifically interested in what would happen with Catalook? The spam registrations are a particular pain on eCommerce sites as they need public registration to allow immediate checkout.

        1. While we have not tested it, I suspect it would be just fine. We are only adding to that DNN standard module, so any time it is called, it would run normally and hand back over to the store. That being said, it would not run automatically in the store inbuilt login, but that should not be targeted by bots anyway.

          1. Have register with reCaptcha, turned on dnn captcha for registration, installed the module, placed in the keys, registered the control, and the captch looks the same with no change. Have cleared the cache, still no change. Went back and re-verified all the of the above. No idea what is wrong.

            1. Most likely a key or domain registration error. Remember that you need the exact domain name. (Now you have probably thought about that, so go to our site and lodge a support ticket and we can take a look for you).

          2. Hi Guys,
            I regret to report that the site that had been heavily targeted, and which initially stopped getting spam registrations when I implemented this module, is now starting to see new spam registrations. Not nearly as many as previously, but I have definite evidence of three in the last two days. I fear that a new version of the bot with capability to crack reCaptcha may be under development. Would you be interested in seeing the logs from the site under attack if so please contact me by mail and I’ll get them to you.

              1. Very odd, the spam registrations only came through for a day or two and then stopped again. Not sure what was going on there, perhaps someone checking manually what had failed with the bot? Will continue to monitor.

                1. We found that once they found you. They will be back. We noticed it was sporadic over a fews days. 1-2 days of hits, then nothing for a bit. (Script kiddy got kicked of the computer by mum till he cleaned his room, or something.)

              2. “I’m actually struggling to find the purpose (if you wrote the bot and you are reading this, I would love to hear why). There is little threat by the registrations that I can find. More annoying that anything else.”
                Well, I think you answered yourself. What they want is to annoy, so they succeeded 🙂

                1. I guess.. there is not a lot of people with anti social behaviour that are content with just being “just” annoying. By virtue of the fact that the registrations usually include back link references, I suspect that the bot was written to perform as an SEO bot, for a specific site or series of sites that exposed user URL references. Thus gaining the back link value that was once realised in the past. Funny ting here is that the creators are smart enough to write the bot, but dumb enough to know it has little value to anyone. Sure it could be to just be annoying, but then filling in a URL reference would be a waste of time. I think it was for something more than that.
                  Just my guess.

              3. Thanks – I was able to install on our QA machine without trouble. I would be happy to make Paypal donation if you exposed the “theme” setting (bonus points for drop list!). Why it is embedded in the DLL but custom themes are not is a mystery to me.

              4. Your module has worked great on one site but I just found out that when I try to use it on another portal (same DNN instance) it is already populated with the first domains set of keys. Is there anyway to implement this on multiple portals using different domains at the same time?

                  1. Maybe I am misunderstanding you but on the reCaptcha website it generates uniques keys for each domain even when I add two domains at once. Here is a quote from their site:
                    ” Your reCAPTCHA key is restricted to the specified domain, and any subdomains for additional security. A key for works on”
                    In the module settings, any change I make on one portal affects other portals so I dont know that you are referring to the module itself.

                    1. I too am facing the same issue as Josiah and am also at a loss to understand how to have the same key for multiple domains which would then allow this to work across multiple portals and domains within a single DNN instance. Any ideas and solutions would be greatly appreciated.

                        1. No, I have not found a solution yet.
                          @Interactivewebs – There is only one page on the recaptcha site where you can enter domains:
                          Whether you enter one at a time or multiple domains, it generates a unique key for each domain name. Perhaps it used to allow multiple domains per key pair in the past but right now it does not. I have found references to a “global key” for reCaptcha which would allow for multiple domains per key but it seems that they no longer have that option. If anyone knows of a different page than the one above where a global key can be generated, please let me know.

                        2. I’m having the same problem. I get different keys for each domain I enter. When I enter for one of my portals, the other breaks. Is there a solution?

                        3. Was this module suppoed to replace every captcha on every page that has the registration module or only on urls which have ?ctl=register on them? my custom registration page hasn’t chaged, though if I invoke the register control, it works.

                          1. It was only changing the one that is being targeted. This is the ctl=register one. You can use our Advanced login module to display the Recaptcha in any custom registration processes.

                        4. Thank you so much!!!! Module installed and worked as described. I’m now waiting and watching for the bot-registrations to cease.

                        5. I installed your package via your process and although I am no longer getting 200 a day i am still getting 10-20. I submitted a ticket for assistance (#2232) and I have not gotten a response since 8-1-2014

                        6. I followed these steps closely and now, instead of a Captcha, I get this error: “Input error: Invalid referer”. What did I do wrong?

                        7. HI guys,
                          Well sorry to say I am still getting spam registrations on the one particular site I have been struggling to protect. Looking at the logs it’s definitely bots using the ?ctl=register attack vector. A lot don’t work but some still get through – one or two a day is standard now. One reason I feel is that the reCaptcha image appearing on the registration page now is absurdly (to my mind) easy to crack – I don’t get anything that looks like the distorted text and two words approach in your image above I just get some slightly fuzzy picture with a two, three or (if I’m lucky ) four digit number there. Why is this – is there some sort of setting I am missing that actually makes reCaptcha hard rather than so easy?

                        8. After I’ve enabled this on DNN 7.3.2, this has broken my login functionality on the site. I was able to create one new account and it did prompt with re-captcha. However, after the registration was completed, I simply got a generic error on the page that said ‘A Critical Error has occurred’ please check the Event Viewer for details. However, when I try to login to the site again using any account (even SU Account), it will no longer allow me to login.
                          Luckily I did this in a test site first, but please advise what may have caused this or how I can get around it.

                            1. I’ve returned to your site to open a support case, but do not see a clearly defined way to do so. Thus far, I’ve only found the support forums and this blog. Is there another area I’m missing?

                            2. I have successfully located the area to submit a ticket and created a support request for this issue. I look forward to your response.

                          1. We are using the I Web Register module with the Google ReCaptcha on a multiportal DNN Host Instance.
                            We just found out that when we change the “Public” and “Private” key on one module in Portal A it is also changing these settings in Portal B, C, D, E, etc…
                            Were you aware of this? Can you help us resolve this?

                            1. We were able to register multiple domains in Google settings to allow the one key to work on multiple sites. I have seen comments that others could not do this in google, but I can’t replicate that, as listing multiple domains under one key was an easy option for us on the google account settings. Can you confirm this?

                            2. I have just noticed that even though verified registration is selected no verification email is sent. What is sent is an email “We are pleased to advise that you have been added as a Registered User to …” “If you do not know, or cannot remember, your password, please go to …” instead of “You can use the following link to complete your verified registration:” which the standard DNN module (on the same page to test) sends

                            3. First off, thanks for this module and guide… it is appreciated. Even though the newest version of DNN is supposed to have overcome the spam registration issue, I will be keeping this in place.
                              I do have one question. Any chance you will be updating this module to leverage ReCaptcha V2?

                            4. Robert Havens

                              I too am looking forward to the V2 compatible release. I have had results so far until a few days ago when I started getting 2-6 registrations. Today I have gotten 13 so far.

                              1. We have updated the module to support Captcha V2. Once again it has defeated the updated bot from what we can see. To update to V2 you need to login again to Google Recaptcah site and revoke your original keys, then issue new keys and upped the module to support V2. Note that the module will now default to V2 mode, and can be put back into V1 mode if needed int he settings (although why you would do this I don’t know). The module will error out with original keys until you update your keys to V2 or change the default mode to match your keys.

                            5. Sweet—I just upgraded to your V2 module of Recaptcha—-THANKS SO MUCH!!!
                              I have had V1 of your Recaptcha module installed for months now and was free of spam registrations until about the middle of December when they started up again.
                              After upgrading to your V2 they have stopped again.

                              1. I am looking for the V2 download but can’t seem to find it. Can you provide the link to the download?

                            6. David Poindexter

                              We just upgraded a DNN 6.2.7 site from v1 to v2 and now the security code will not display. Switching the module settings API version to v1 causes it to show again. Switching it back to v2 causes the security code to disappear. Can you please help us with this? Are we missing something? Do we need to generate a new API key for v2?

                              1. David Poindexter

                                Duh – never mind, I just discovered the two additional fields for Site Key and Secret Key! LOL – sorry for the false alarm. Thanks for the update!

                                1. Another small updated version out today.
                                  Sorry for the delay, but as you know this is a free product and we don’t rush to support it. That being said.
                                  The latest releases will default to V2 of Recaptcha. You either need to flip to V1 in the settings of the module to support V1, or go back into the recaptcha site settings, delete your V1 keys and generate new V2 keys. Then update our module with those keys to get it working in V2 module.

                              2. When I installed the module, I’m getting a message only on the page that the module is installed on:
                                A critical error has occurred. Method not found: ‘Boolean DotNetNuke.Entities.Host.Host.get_EnableStrengthMeter()’.
                                The site is DNN 7.0 (I cannot upgrade it right now).
                                any ideas?

                              3. Hello, We have our websites running on the latest version of DNN 7.3.4 and we installed IWeb version – iWebsRegister PA. On enabling the recaptcha we noticed that on “Default Core DNN Register” module State/Region drop down does not list as a drop down and instead as a text box. So created a custom page and installed IwebRegister module on it and made that page as the register page and it worked i.e. the State/Region dropdown worked as expected “On Load”. But if we enter a wrong captcha then after the page refresh, instead of maintaining the state as a dropdown, it converted into a text box with the correspding id value of the state previously chosen. i.e. if New Jersey = 293, then this is populated in the text box after the page refresh. Is this a known bug?
                                Also downloaded the latest version iWebsRegister PA and installed on top of the existing Iweb register and now the recaptcha does not show at all? I updated the site key and private key again and chose v1 version and updated the module.. But still the issue exists? Any thoughts on these issues? Thanks!!

                                1. Likely a skinning issue, but first you should update the the latest version of our module. Currently 72.10.0.
                                  Then try a default DNN skin page on the registration page. Likely to fix the issue. If not, lodge a support ticket and we will take a look.
                                  Regarding the V2 and V1. I have updated the original blog post to include the details on updating to Recaptcha V2.

                              4. Hi, we have recently installed your Re-CAPTCHA module onto one of our 6.02.09 DNN sites. All has seemed to be working as expected with a decrease in spam accounts signing up. However we have noticed a problem when a user tires to edit their own profile. If a user wants to update their profile/password themselves they will log in, click their username to the left of the “logout” button and then click “edit profile”. This will usually take you to the profile module where the user can update their profile/password. However with the Re-CAPCTHA module installed clicking “Edit profile” takes the user to a registration page while they are still logged in. The form is pre-populated with their details with a register button at the bottom which says the username is already taken if they click it. Is there a fix for this as with the module installed users currently have no-way of updating their profile/password and it’s causing some confusion passing them to a register page. Look forward to your reply, many thanks! Scott

                                1. Thank you for your enquiry Scott. We have opened a support ticket on your behalf with the data provided in this post. In the future if you have troubles with any of our modules please log a support ticket from our website.

                                2. I can confirm we are seeing the same behaviour with the module on 6.2.9, so I’ll be interested in the response. 🙂

                                3. Have been using the reCaptcha module for a while and I have to say it has been effective. However, we have also noticed the above issue and can confirm that it is a problem. Have you addressed this since it was flagged almost a year ago?
                                  Tried to see if you have a new version and download but then when I click on your download link it gives a 404 on a dropbox page. Please look into all these issues. Feels like the project is abandoned. Using iWebsRegister PA

                                    1. Thank you very much. Just tried the new version iWebsRegister PA and I can report that it still has the above issue. When logged in if a user clicks on “Edit Profile” it goes back to registration page rather than the edit profile page. Would appreciate if you fix this.

                                  1. I installed the module in my DNN 7.3.4 but I am getting an error whenever I add the module in a page.
                                    Here is the error message:
                                    InnerException:Exception has been thrown by the target of an invocation.

                                    1. it may be that your keys are set up for recapture version 1.0 and the module defaults to version 2.0. There is a setting within the module that allows you to select 1.0, or alternatively go into the Google recapture website and delete the existing version 1.0 keys and creates a new version 2.0 keys and insert those into the module settings.

                                    2. I can confirm that I’m having the same issue as Camy. I had previously setup request filtering and a specific registration page and had the default captcha turned on. I turned off request filtering and tried multiple other fixes, but wasn’t able to get it to work. Using DNN 733 and your version 72.7.10. Google keys are definitely v2, however I tried both version settings in your module. The only values I entered into the module settings were the keys and they were correctly entered. The core captcha is still being displayed in the standard DNN register control, which is still on a specific page (as opposed to using ?ctrl=register), and if you access the page with your module you get the error specified above. Since Camy didn’t post it, the inner stack trace of the error is:
                                      DotNetNuke.Services.Exceptions.PageLoadException: Exception has been thrown by the target of an invocation. —> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. —> System.ArgumentException: An entry with the same key already exists.
                                      at System.Collections.Specialized.ListDictionary.Add(Object key, Object value)
                                      at System.Web.UI.ClientScriptManager.RegisterExpandoAttribute(String controlId, String attributeName, String attributeValue, Boolean encode)
                                      at System.Web.UI.ScriptRegistrationManager.RegisterExpandoAttribute(Control control, String controlId, String attributeName, String attributeValue, Boolean encode)
                                      at System.Web.UI.ScriptManager.RegisterExpandoAttribute(Control control, String controlId, String attributeName, String attributeValue, Boolean encode)
                                      The site does have Catalook and several other large modules installed. Could it be that there is a name conflict in the client script manager? Would love for this to work… any suggestions would be greatly appreciated.

                                      1. Other modules will not be the likely cause. Could be a skin issue perhaps, or similar. Please submit a support ticket from our site so we can take a look at what is going on. Be sure to reference your comments here.

                                    3. First time it solved my problem. Unfortunately today after seeing the old module threw an error, I downloaded the new module and installed it but this time it made my DNN installation crash 🙁
                                      CPU stuck at 100% and csc.exe keeps on compiling forever.

                                      1. Not sure why this happened but I restored my DB and now everything is back to normal. By the way, the version I had was already compatible with recaptcha V2. The problem was I found these errors on my websites using recaptcha
                                        An internal error occurred: 4A6376441D250.ADE1949.3546A435
                                        I thought it had to do with the version of the Recaptcha but it didn’t.
                                        Reverted to 62.6.6 and it works fine now
                                        I think I will not upgrade to 62.6.10 🙂

                                      2. Hi I don’t know if you can help, but here’s my problem.
                                        I have a dnn Site that is getting hundreds of failed spam registrations a day.
                                        I have set Admin/ User Registration to “None”
                                        I have removed the smtp settings from the Host SMTP Server and port:
                                        I have completely removed the Admin account
                                        None of this has helped, in fact it has doubled the volume of spam.

                                        1. Install our spam registration module form our site. This is the one mentioned in our post. The reason is that it will update some files that are still in DNN after changing registrations to non. Better that you set the site up with Recaptcha V2 and be done with the spam bots.

                                      3. I have a site on DNN 07.01.00. I installed the 72 module and followed the instructions including clicking the “Install Register Control” button. On the page with the iWebs Register Module I see the reCaptcha V2 but the existing registration page still have the DNN captcha. Am I misunderstanding something or shouldn’t the existing DNN captcha be replaced in the existing registration module or do I need to actually use the iWebs Registration module instead of the DNN registration module?

                                        1. I figured it out. The site was already using a custom registration page. The “Install Register Control” updated the built-in register page not the custom page. Thanks

                                      4. kevinscharnhorst

                                        I installed iWebs Register on a DNN 6.4.x install. I have a custom web registration page and when clicking register from my login page it now tries to redirect to /register.aspx and this does not exist. Any ideas and suggestion for fix? Even when changing the registration page to so that it goes to the default it still redirects and the page cannot be found.

                                        1. We think this is either some redirection rules, or a much older version of the module installed first. Best you contact us using the Support tab and lodge a support ticket. Be sure to reference this comment.

                                        2. Josiah Olhava

                                          Kevinscharnhorst – Did you find a resolution?
                                          I also have this same problem and I did contact support but they couldn’t figure it out. The redirect is still there even after “restoring the control” and uninstalling the module it still redirects to register.aspx
                                          I am also on 6.4 and was using the current version of the module.
                                          Could you let us know what is modified in DNN by the module so I can try to find where and why this redirect is happening?

                                      5. I have a module that’s basically a custom form that has been developed by someone else and they neglected to add a Captcha widget.
                                        As a result I can’t just add your widget above the submit button within the DNN admin console as a module. Do you think I can possibly just add it manually into the legacy custom module like a tag and then package it together..?

                                        1. It may be possible to add it to your existing module, but would require some help from someone who knows what they are doing. I expect it would be cheaper to toss it out and just use ours.

                                      6. Hello,
                                        I installed your iWebs register recaptcha module and it did indeed solve the problem BUT, it can only work on one of the portals of my installation.
                                        I have more than one portal on a single installation and if things work smoothly on one the other portals using captcha throw an error whenever a user tries to register (Error: invalid domain for site key).
                                        Is there a way to solve this problem?

                                      7. Sorry, my mistake. I posted the comment above but I was wrong.
                                        I seem to be able to use the module on more than one portal in my installation but the error above – Invalid domain for site key – seems to come up pretty often on my websites preventing users from registering correctly.
                                        How often does Google change the recaptcha codes??
                                        I tried flagging the Send alerts to owners control box but nothing gets notified and I only find out things are not working anymore when some user complains he is incapable of completing the registration process.
                                        Is there a predictable scheme in the change of keys or it could happen any time without warning?
                                        If I know I have to change the keys, let’s say, each month I can set up a reminder and watch out for it on the websites but If I don’t have any predictable interval then it’s a little harder.
                                        thanks for any help on this subject matter

                                      8. Doug Blackmon

                                        Are we supposed to put anything in the g-recaptcha attributes? Also does this work with a custom DNN registration page?

                                      9. Very nice and useful module guys. Thank you very much.
                                        Unfortunately, there is one little problem. When we have main portal and child portals on different domain this solution will not work as child portals will have different domain than main portal and will have to have different keys added for this module. Unfortunately, this module can be used only when DNN installation has only one domain name.
                                        Kind Regards

                                        1. We have it sorted with some custom module, but frankly we are not supporting the DNN community for free any longer. Too time consuming and little thanks, so we have moved on.

                                          1. I understand. Would it be possible for you to post the source so that the community could fix this?? Seems like a fairly easy patch.

                                        2. If you are trying to sell precision and quality, you have to get your spelling and character order in words checked and fixed in blogs like this.

                                        3. Jeremy Farrance

                                          We were using this module successfully for a long time on a ‘cannot upgrade OR shut it off’ DNN 6.02.09 site. As of February this year it appears to have stopped working and the amount of registration spam coming through has been increasing lately.
                                          Is there a way to fix or upgrade or do something to mitigate the registration spam again? Please email me directly if you need more details or what to take a look at the site. Thank you – Jeremy

                                        4. Is this working with DNN DNNWrek Users module? We are using that module for use registration and the site is DNN 6.2
                                          I was trying with this module and not loading the captcha on it. Please can you help me?
                                          Thank You!

                                          1. Actually we have no idea what the DNN DNNWrek module is and if it works or disrupts recaptcha. Best to contact the people at: DNN DNNWrek for support with their paid module.

                                        5. I customized the module code (ascx and CS) to load Google recaptcha myself and now it is working. Thank you for the reply.

                                        6. In between, I used this iWebsRegister on a DNN evoq 08.00.00 website. Not sure if it is working. However I tried to change the theme to red and other available themes. But it is still clean. So why is that? Can I expect this as working?
                                          Please can you advise?

                                        7. I have attempted to install and use the iWebs Registration Recaptcha module as instructed. I established an account with Google and copied the secure keys provided. I am running DNN 8.0.4. With each test I receive the error “Incorrect Security Code” which appears at the top of the module but not in the Event Log. I attempted another test using the test keys provided by Google (copy paste) and received the same results. At this point I am at a loss, as the module is not useful in this environment. Can you provide any insight regarding the error message?

                                        8. Attempting to use the module in DNN 8.0.4 with V2 has turned into a dead end. That same error message “Incorrect Security Code” continues to appear and the registration fails. When I went to my Google Recaptcha site, Google displayed a message indicating that the client site was using V1. Strange, because Google has no way to establish V1 keys and the module was set to V2. Even though I set up the keys as V2, the module did work successfully when I switched to V1 in the module. Switching back to v2 in the module resulted in the same error. At this juncture I am not able to use V2 and Google has posted a deadline of 3/31/2018 to terminate support for V1. Also, on V1 the Google widget refers to a site which apparently does not exist. So far what appeared to be a promising journey has become a nightmare. Also sent in a support request to iWeb – waiting for response.

                                        9. OK, did manage to get the module working in test mode on my desktop. Major step forward. Appears that all items must be preset prior to loading and installing the module. Once the dnn elements were set I then loaded and installed the module as the very last step. Next step is to uninstall and reload module on the production system.

                                        10. We did further testing with different keys on two production sites one running DNN 8.0.4 and the other DNN 9.1.1. The module in both cases installed successfully. Although the module worked on the desktop development system using the live Google keys, both sites generated the same Incorrect Security Code error. It appears that perhaps with V2 the module is not negating the DNN error checking and DNN is returning the error message for the DNN Captcha control even though the iWeb control using V2 is displayed. If we switch to V1 in both sites the module properly registers new users.

                                        11. We really appreciate your recaptcha solution for DNN! We have been using version 2 on DNN 7.4.2 for over a year and it has been terrific. However, upon updating our site to DNN 8.0.4 and installing your latest version for DNN 8, we are now getting an error: “Incorrect Security Code” upon clicking the Register button. Your module is working on DNN 8.0.4 on my development p.c., IIS 10, but the error appears on DNN 8.04 on our server IIS 8.5. I don’t know if IIS version makes a difference. We have a real need to upgrade the live system to 8.0.4, but cannot proceed with the Recaptcha throwing this error. Any help or advice you can provide would be greatly appreciated! I am available to provide information and feedback to help solve this issue. Thank you, Shawn Cohan, President All Squared Web Design, LLC
                                          NOTE: The url below is a live test version our ecommerce site.

                                        12. Appears that we found a relationship between the tls level, the target framework defined in the web.config and V2 reCaptcha. This may relate only to our specific production server, which may suggest there are other factors involved, or it may be more widespread and occurring on other servers. If the latter we would appreciate some feedback from others. We tested the module on DNN 8.0.4 and DNN 9.1.1. Our server runs under tls 1.2. The DNN installs operate under a target framework of 4.5 for 8 and 4.6 for 9. When we reverted to tls 1.0, 1.1 the reCaptcha worked. When we went back to tls 1.2 and changed the target framework to 4.6 or higher the reCaptcha worked. On another server running 1.2 and target framework 4.5 the reCaptcha also worked. So we are not sure if there are other factors, unknown to us, affecting the module and reCaptcha operation. We felt obligated to report what we found hoping that it might assist iWebs and others with a similar experience. If you have any additional insight regarding tls and the target framework and whether our results were coincidental to a solution or that it is a definite factor we would appreciate some feedback.

                                        13. Don’t mean to belabor this; however, thought it might be important for those running .Net, especially with DNN sites. The following information was supplied by our hosting service:
                                          We found that the issue was being caused by the website still trying to issue a TLS 1.1 connection to the Google ReCaptcha V2 which requires a TLS 1.2 connection. This was being caused by the application targeting .Net Framework 4.5 which defaults to using TLS 1.1 connections. Since your virtual server was already updated security wise to disable all secure connection except for TLS 1.2, this caused the error.
                                          The solution was found to be adjusting the affected websites to target .Net Framework 4.6 or higher as they should default to using TLS 1.2 connections automatically. It seems your virtual server has .Net Framework 4.7 available so that is framework version we targeted in your applications and that seemed to resolve the issue. If you run into this on other installations you should be able to resolve it by adjusting their web.config files to target .Net Framework 4.7.

                                          1. Prasad Maduranga

                                            I was struggling with the same issue. I changed the target framework to 4.6 and then it worked. Thank you for updating your solution and it saved my time a lot. Thanks!

                                        14. I implemented this but they still get through. Google recaptcha reports the following:
                                          ‘We detected that your site is verifying reCAPTCHA passed solutions less than 50% of the time. This could indicate a problem with your integration with reCAPTCHA. Please see our developer site for more information.’

                                        15. We have the latest update ReCaptcha modules which include V3. Terrific, thank you so much for your support. We noticed one small glitch. Please confirm. The iWebs module appears to disable the DNN registration redirect function. I noticed this on the earlier version of the module and it still appears to exist. Consequently, we need to take an extra step to ask the user to click on a link to get to an area in the site which is the next step after registration. I’ll gladly put in a trouble ticket, if that is your requirement to address this issue.

Leave a Reply

Your email address will not be published. Required fields are marked *