Prior to version 4.9, Imunify360 used embedded reCAPTCHA keys to show Google reCAPTCHA challenge for greylisted IP addresses and did not require any settings for captcha challenge. Starting from v4.9, Imunify360 admins can specify their own reCAPTCHA keys for the server.
In this article, you can find a step by step guide on how to set up a custom site and secret keys for your Imunify360 server.
Google has a limited rate for free reCAPTCHA use which is 1 million requests per month (more accurately - “1 million renders of reCAPTCHA”). The limit is enough for a single hosting provider. However, it’s not enough for the Imunify product to handle all requests within the free limits. Thus, we recommend that you start using custom keys registered for your Google account which will guarantee that the reCAPTCHA challenge will be properly shown on your servers.
We’ve analyzed the maximum and the average reCAPTCHA rate among all customers and confidently state that it’s more than enough for any hosting provider with high-load servers.
*Note: Google counts only real reCAPTCHA renders which are less than 1% of CAPTCHA requests shown on the Imunify360 Dashboard. It happens due to the majority of requests coming from dummy bots without JavaScript support.
You can always register a few custom keys, and rotate them using Cron jobs.
Public and secret reCAPTCHA keys are required for integration between Imunify360 and Google reCAPTCHA service.
The site key will be publicly available and shown on pages along with reCAPTCHA widget or Invisible CAPTCHA, whereas the secret key will be stored for intercommunication between the backend of Imunify360 and Google service.
*Note: Due to the captcha rate limit we recommend using different reCAPTCHA keys for each server.
Google’s quotation: If you wish to make more than 1k calls per second or 1m calls per month, you must use reCAPTCHA Enterprise or fill out this form and wait for an exception approval.
You need to put these keys on the Imunify360 settings page
or use the following CLI commands:
# imunify360-agent config update '{"WEBSHIELD": {"captcha_site_key": "6Ldu4XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXCN6fJ"}}'# imunify360-agent config update '{"WEBSHIELD": {"captcha_secret_key": "6Ldu4XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXQqUuk"}}'
6.The final step is to allow Google to process requests from any of your domains
That’s it.
In order to make sure that you’ve done everything correctly you need to do the following:
# imunify360-agent whitelist ip list
IP TTL COUNTRY IMPORTED_FROM COMMENT
1.2.3.4 10256 None None Whitelisted for 3 hours due to successful panel login
# imunify360-agent whitelist ip delete 1.2.3.4
OK
# imunify360-agent whitelist ip list
IP TTL COUNTRY IMPORTED_FROM COMMENT# curl -v http://example.org/?i360test=88ff0adf94a190b9d1311c8b50fe2891c85af732# imunify360-agent whitelist ip list
IP TTL COUNTRY IMPORTED_FROM COMMENT
1.2.3.4 86377 None None IP auto-whitelisted with expiration date: 2020-05-28 15:29:34
If you see that your IP is whitelisted then integration between Imunify360 and reCAPTCHA service was done properly.
You can watch how invisible reCAPTCHA works at
The Imunify product team would like to hear from you. To share your ideas and observations, please send them to us at feedback@cloudlinux.com.
If you have questions on how to use Imunify360, or you’d like to resolve a support issue, please contact the Imunify360 support team at cloudlinux.zendesk.com.