BILLmanager 6 Startup, Advanced
en En
es Es
Your feedback is an opportunity for improvement!
Take part in the survey and contribute to the development of the ISPsystem ecosystem.
Take the survey
Documentation
/
BILLmanager 6 Startup, Advanced
/
Clients and staff members
/
Spambot protection (reCAPTCHA)

Spambot protection (reCAPTCHA)

CAPTCHA is a technology for protecting web services from bots. BILLmanager supports two systems that analyze user behavior on registration and authorization forms:

  • Google reCAPTCHA (including invisible reCAPTCHA) — service from Google that analyzes user behavior on registration and login forms;
  • Yandex SmartCaptcha — solution from Yandex with a choice between standard and invisible validation. 

Both services automatically detect suspicious activity. If the user's actions seem atypical, the system offers to pass a check (image recognition, object selection, etc.). 

The platform allows to:

  • create global CAPTCHA settings;
  • configure protection separately for each provider.
    CAPTCHA settings that are specified in the provider settings have higher priority than those specified in the Global settings section.

Google reCAPTCHA setup

Google reCAPTCHA analyzes user behavior on the registration and authorization form of the BILLmanager platform. If the client's actions can be classified as suspicious, the client is offered to take an image recognition test. BILLmanager supports two types of protection:

  • reCAPTCHA — the registration form has a flag “I am not a robot”. Requests are checked after the flag is activated;
  • invisible reCAPTCHA — in invisible mode CAPTCHA is not present on the page for most users. Only users that are considered suspicious by the service can see the task window.

To configure reCAPTCHA, go to ProviderGlobal SettingsRegistration and authorization form settings → select Google reCAPTCHA in the fields Type of reCAPTCHA on registration form and Type of reCAPTCHA on authorization form.

Specify the following parameters:

  • Invisible captcha  — activate the option to hide the verification window from the page;
  • Key and Secret Key — unique keys for using reCAPTHCA API. Displayed on the official page of Google reCAPTCHA service after site registration.

    Be cautious when filling in the Key and Secret Key fields:

    • if you enter an invalid value in the Key field, reCAPTCHA will display an error;
    • if you specify an incorrect value in the Secret key field, the check will always fail;
    • If you select the Invisible captcha checkbox and specify an incorrect value in the Key field, an error will be displayed on the registration and authorization forms.

On the Google side, select The type of reCAPTCHA when setting up the key:

  • with v2 assignments:
    • “I'm not a robot” flag;
    • invisible reCAPTCHA icon — invisible reCAPTCHA.

Each key works with one type of reCAPTCHA site only. For more information about The types of reCAPTCHA, see the official documentation of the service.


Google reCAPTCHA setup

Yandex SmartCaptcha setup

Using Yandex SmartCaptcha in BILLmanager allows to protect against automated attacks. Yandex SmartCaptcha provides the ability to:

  • choose between standard and invisible CAPTCHA;
  • set up protection of registration and authorization forms by choosing from several options for CAPTCHA tasks of different complexity. For example, text recognition, slider, or kaleidoscope. For more information about setting up Yandex SmartCaptcha on the Yandex side, see the official Yandex documentation.

To set up Yandex SmartCaptcha:

  1. Create a new Yandex SmartCaptcha in the management console on the Yandex website. After creation, you will receive two unique keys: Client key and Server key.
  2. In BILLmanager go to ProviderGlobal SettingsRegistration and authorization form settings → select Google reCAPTCHA in the fields Type of reCAPTCHA on registration form and Type of reCAPTCHA on authorization form  choose Yandex SmartCaptcha.
  3. Specify the following parameters:
    • Invisible captcha  — activate the option to hide the verification window from the page. In invisible mode CAPTCHA is not present on the page for most users. Only users that are considered suspicious by the service can see the task window.
    • Client key and Server key — unique keys for using Yandex SmartCAPTCHA. More information about keys in the official Yandex documentation.

Be cautious when filling in the Client key and Server key fields:

  • if you enter an invalid value in the Client key field, CAPTCHA will display an error;
  • if you specify an incorrect value in the Server key field, the check will always fail;
  • If you select the Invisible captcha checkbox and specify an incorrect value in Client key field, you can see the error message only from the developer console in the browser. The error is not displayed on the registration and authorization forms.

Yandex SmartCaptcha setup

When the language of the platform interface changes, Yandex SmartCaptcha automatically changes the language. In this case, the CAPTCHA state is reset.

Operations via API

If you have set up reCAPCTHA, you cannot order services via API BILLmanager. Accessing the billing platform via API will give the error that reCAPTHA validation failed.  

To integrate BILLmanager with a website with reCAPTCHA, add a script into the website header (inside the <head> tag) and use the same keys as for the billing platform configuration. Learn more in the article Integration with a website with reCAPTCHA

The article was last updated on 07.05.2022. The article was prepared by technical writers of ISPsystem.