Google recaptcha remoteip explanation

孤者浪人 提交于 2020-06-16 00:35:06

问题


In the documentation of recaptcha it says that the remoteip argument is optional, but I don't understand its purpose, because even if I send a different IP than REMOTE_ADDR, the response from Google is still a valid captcha.


回答1:


It is already asked in Information Security and I will provide the accepted answer here, too. Because it is not clear that it is mainly a security issue:

Because there could be a DNS/hosts reroute in place to allow the captcha to be parsed differently by a malicious user

One possible scenario is farming cheap labour to manually solve captchas and then submit them back with the form. Since the recaptcha only will serve the image once this is the lazy way to farm this out. ( redirect the requested image to elsewhere ).

If the IP address which requests the image is different to the IP address that requests the page then this would indicate this style of attack.



来源:https://stackoverflow.com/questions/46632194/google-recaptcha-remoteip-explanation

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!