I have a wordpress website that uses recaptcha v2. The wordpress admin GUI obfuscates part of my private recaptcha key.
As I need access to this key, I want to find out which e-mail address is associated with my captcha account, in order to access the google recaptcha console.
Does anyone know how to find out which e-mail address is associated with a recaptcha account?
if you go to www.google.com/recaptcha/admin/ this will allow you to see your websites listed and you will be able to see what recaptcha keys are linked to where.
But from a security point i dont think there is a way to know what account set up the keys so you must login with the emails you suspect and see if they are listed
Related
I have no experience with this and I'm in need of major help. I have a word press website that I am trying to connect a gmail account to. So that the contact form gets sent to a gmail address. I got it all set up and it is telling me I need verification. This is only being used for my word press website. Probably very few users, not a business. Can I get around the verification process or not?
You would need an OAuth Consent Screen for your Project.
You can refer to this blog post on how you can connect a Gmail account on your Wordpress site
I don't know where to find the Google traffic results (output) for reCAPTCHA v3 because I don't know where to find the "admin console" where the results would be output (where I could adjust parameters, etc.).
I used my regular email address (not associated with a GSuite account) when I entered the domain name for the site I'm working on and generated the site key and the secret key for the reCAPTCHA code.
I have a second email address (associated with a GSuite account I have and tied to a different email address and a completely different site from the one I'm installing the reCAPTCHA in).
The only Google-related "admin console" I've been able to find so far is the one that goes with the GSuite account (not the one I want associated with the site I'm working on).
Is there somewhere else I can find the right admin console for the reCAPTCHA info? (It seems counterintuitive that Google would claim reCAPTCHA is free and then make a user pay for GSuite to have access to the stats.)
Use of reCAPTCHA is not tied to G Suite.
You can access the reCAPTCHA admin console here:
https://www.google.com/recaptcha/admin/site/
This is also linked from the top-right side of the homepage:
https://www.google.com/recaptcha/intro/v3.html
The specific reCAPTCHA keys will only be visible to accounts that are owners of the site. To add an owner:
sign in to the Google account that has access to the reCAPTCHA key you want to share
go to the settings for the site, accessible via the cog icon on the right side of the admin console
there will be a section heading "Owners"
add the email address of the Google account you want to allow access
click "Save" at the bottom of the page
Sign in to the Google account you added as an owner and you should now see the site in the admin console
I am having some trouble figuring out how I can let users set their API credentials to get read-only data from the Google Calendar API.
I have it set up to use OAuth to allow a fallback. It allows the user to click for an access key to copy over and save.
However, I am finding an issue when I try to make it so users can enter their own API settings.
I tried the same method I used for the fallback, but even if they enter those credentials in they would still need to authenticate it with an access key.
So I guess my question is how can I just include a simple API key to be saved and used to get the data?
I haven't been able to find very many resources or documentation on this so even pointing me in the right direction will be very helpful.
Thanks!
EDIT:
So here is a link to the part of the Calendar API I need to use: https://developers.google.com/google-apps/calendar/v3/reference/events/list
And if you compare it to the top of the page of this API page: https://developers.google.com/google-apps/calendar/v3/reference/events/delete
You will see the delete specifies that it requires Authorization, but the List does not. All I need is the list but when I have tried to connect with it without any authorization it does not work. Am I missing something?
If the data is not public, the users will have to authenticate with Google and enter the access code on your plugin configuration. Google Analytics for WP does this, check its source.
I don't see the problem with having the users authenticating, but one alternative is to add support for service account, like the Google Drive WP Media does. In this case users of your plugin will enter the service account email and upload the private key file (I'm not sure if the Drive WP plugin implements it in a secure way).
The company I work for have a small Plone blog. But we have a problem with spam accounts. We use captcha on the site and Plone sends a mail to the users that they must confirm before they can edit the user profile. Still about 600 spam users are created every day. In the Plone user profile they paste all kinds of commercial links.
We are located in Denmark and the blog is in danish, therefore I have made a script to delete all users with a non danish mail adress. But even though most of the real users have a danish mail account I probably still deletes some real users when running the script.
The spam users register from a vide range of ip-adresses, so blocking ip's is not an option.
Does anyone have ideas to what to do about this problem?
Disable Plone comments/public user creation and use a third party commenting service such as Disqus.
They somehow trick recaptcha (if you find out, please let me know :)
But how do they do the email validation? They don't have to. Plone join_form has a hidden field for password which is filled by this bot and Plone saves it as the real password (check the REQUEST object comming from this bot)
So the bot doesn't need to check email for password. That's how they get in and activate those accounts. So fix the hidden password field from join_form.
Then, remove all users that have links in their profile description (as a real user you don't do that, do you?). Also don't let the users to input HTML within their profile description.
I am developing an ASP.NET application.
I implemented Facebook API in my application now I want to access email addresses of my friends on Facebook.
I successfully connected Facebook with my application, but when I use FacebookApi.friends.GetList() it will give only friends userids then I will fire a FQL for each friend userid to access email but some time I got blank instead of email address.
Can someone help.
Which is best way facebook rest API or graph API?
The answer is almost certainly that one of the following is true:
The user hasn't shared an email address with Facebook
The user has placed you in a privacy group they deign to share their email address with
The user has set their privacy settings to not share their email address at all
If any of these are true, there's nothing you can do to resolve this short of asking your friends to change their privacy settings.
You need to ask for permission "email" to access email address of any user using your app, the reason why you are getting some email addresses is because few of Facebook users relatively have less restrictive privacy settings.