Cerberus FTP Server recognizes that bots will try to spam and abuse your account requests, password resets and logins. To protect users from these types of attacks, Cerberus FTP Server has an integration feature with Google reCAPTCHA as an added layer of protection.
reCAPTCHA is a free service that protects your site from spam and abuse. It uses advanced risk analysis techniques to tell humans and bots apart. With the new API, a significant number of your valid human users will pass the reCAPTCHA challenge without having to solve a CAPTCHA. reCAPTCHA comes in the form of a widget that you can easily add to your site.
Creating and Integrating a reCAPTCHA:
Follow the steps below to integrate a reCAPTCHA with the Cerberus FTP Server web interface.
Open the Cerberus FTP Server GUI. Click on the "Configure" tab at the top of the screen. A box titled "Server Manager" will appear. On the top the box click on "Listeners". In the list of IP addresses, scroll down to the HTTPS IP and click on it.
After selecting the HTTPS IP address you will see a variety of options appear below. Click on "Configure CAPTCHA".
A box will pop up titled "Configure CAPTCHA". Click the link "Sign up for a reCAPTCHA Account".
Clicking on the link "Sign up for a reCAPTCHA Account" in Cerberus FTP Server will open a new window and redirect you to Google reCAPTCHA webpage. At the top of the webpage, click the blue button that says "Admin Console" or "Get reCAPTCHA".
After clicking on "Admin Console" or "Get reCAPTHCA", you may be required to log in, or you will be taken to the "Register a new site" page. Provide a label (this can be whatever you like) and select the type of reCAPTCHA you would like to use. We require selecting "reCAPTCHA V2".
With the label filled out and the type of reCAPTCHA selected (we only support v2 at this time), you will need to provide the domain you want to associate the reCAPTCHA with. The domain you will supply here is the IP address of your HTTPS listener, which you can locate in the "Interfaces" pane of the Cerberus FTP Server admin portal. Click to accept the Terms of Service and then click "Submit".
Now that your domain IP address is registered, you will be provided with information that will need to be transferred over to Cerberus FTP Server. From the Google reCAPTCHA webpage transfer the Site Key and Secret Key into Cerberus FTP Server. Simply copy the keys from Google and paste them into Cerberus FTP Server.
In Cerberus FTP Server, the Public Key refers to the Site Key and the Private Key refers to the Secret Key. Select the boxes below the keys to identify where you want the reCAPTCHA to appear. Click "OK".
Finally, click "Update" on the Server Manager - Interfaces box. If you do not click "Update" the reCAPTCHA will not appear.
If necessary, update your firewall to allow the reCAPTCHA URL through. The URL that reCAPTCHA needs access to is https://www.google.com/recaptcha/api/siteverify.