Google recaptcha remoteip explanation


In the documentation of recaptcha it says that the remoteip argument is optional, but I don't understand its purpose, because even if I send a different IP than REMOTE_ADDR, the response from Google is still a valid captcha.


It is already asked in Information Security and I will provide the accepted answer here, too. Because it is not clear that it is mainly a security issue:


Because there could be a DNS/hosts reroute in place to allow the captcha to be parsed differently by a malicious user

One possible scenario is farming cheap labour to manually solve captchas and then submit them back with the form. Since the recaptcha only will serve the image once this is the lazy way to farm this out. ( redirect the requested image to elsewhere ).

If the IP address which requests the image is different to the IP address that requests the page then this would indicate this style of attack.




  • Google recaptcha remoteip explanation
  • VB.NET Lambda Expressions
  • Xcode 6.1 can't find 'debug view hierarchy' button
  • How to display the median value in a faceted boxplot in ggplot?
  • Python Script for downloading new email attachments using imap
  • Spring 3..0.5 + hierbnate 3.6.6.final + jboss as 7 Database access
  • uploading images in codeigniter, is userfile required?
  • Different Realm Configurations Appearing in Swift App
  • Keyboard covers TextField
  • Can an Entity access a Repository?
  • Initializing a pointer to compound literals in C
  • Model binding not working with Stream type parameter in asp.net core webapi controller action method
  • Angular4 - Nested route with params
  • Set a page title from a PartialView [duplicate]
  • “RepeatForUnit” item missing in Calendar entry?
  • Find string between two substrings AND between string and the end of file
  • MySQL - Filter records which date is biggest
  • What is need of Assign/Deassign in Verilog?
  • Parallelization via JDBC - Pyspark - How does parallelization work using JDBC?
  • CABasicAnimation creates empty default value copy of CALayer
  • Hibernate Idempotent Update
  • Background beacon detection and Notification (Both iOS and Android) for Eddystone beacon?
  • Azure NodeJS Error: ENOENT, open 'D:\\home\\site\\wwwroot\\bin\\views\\'
  • Optimization of optim() in R ( L-BFGS-B needs finite values of 'fn')
  • separate tokens in batch file
  • Facebook Error (#200) The user hasn't authorized the application to perform this action (PHP)
  • Building JavaFX 2.0 App on Mac, deploying on Windows
  • How to resolve this in PHPUnit where it is asking me to set KERNEL_DIR in my phpunit.xml?
  • Getting the type of a “Type” in C# reflection
  • Wireshark Display Filter for Unique Source/Destination IP and Protocol
  • How do I use libcurl to printf a remote FTP directory listing?
  • Ajax call on Multiple selection in Select box
  • Typeahead.js does give me suggestions but doesn't select them
  • Support of :after in IE7
  • how to get the location(lat/lng) on google maps v3 from the location(x,y)
  • Send array to next viewcontroller iOs xcode [duplicate]
  • What is the best way to cache and reuse immutable singleton objects in Java?