Gitea: Image CAPTCHA not effective anymore

Created on 23 Aug 2020 · 3 Comments · Source: go-gitea/gitea

  • Gitea version (or commit ref): 1.12.3

Description

I have the signup form image CAPTCHA enabled on my Gitea server but in the past few days there have been many bots registering accounts (and failing to get the confirmation emails, which bounce or are flagged as spam by random idiots, hurting my mail server's reputation). It seems that either the bots are able to solve the CAPTCHA or there's some way around it. I did notice that requesting the CAPTCHA image over and over with the same URL (i.e. right-click image, open in new tab, F5) will produce dozens of new images with the same correct answer, so they might be using that to figure out the correct answer. Or it's just too easy to begin with.

All 3 comments

Here's an alternative CAPTCHA library with more options for difficulty and different types (numbers, letters, math problems):

https://github.com/mojocn/base64Captcha
demo

Another option is to add alternative CAPTCHA options such as hCaptcha or Captcheck. I don't use Google's reCAPTCHA because I believe forcing users to run spyware on their devices in order to use my websites is wrong.

FYI: Since opening this issue, bots have created 169 new accounts that were never activated and I've received over a dozen abuse reports from people who flagged the confirmation emails as spam.
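
The description above observes that reloading the same CAPTCHA URL keeps producing new images for one unchanged answer. The following is an added example, not Gitea's code and not posted by anyone in this thread, of one way a server can bound that: each challenge id gets a small render budget and is consumed by the first verification attempt. `Store`, `Issue`, `Render` and `Verify` are hypothetical names, and the id and answer are constructed sample values.

```go
package main

import (
	"fmt"
	"sync"
)

// Store is a hypothetical in-memory CAPTCHA challenge store (names are assumptions).
type Store struct {
	mu      sync.Mutex
	answer  map[string]string // challenge id -> expected answer
	renders map[string]int    // challenge id -> image renders still allowed
}

// Issue registers a challenge id with its answer and a render budget.
func (s *Store) Issue(id, answer string, budget int) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.answer[id], s.renders[id] = answer, budget
}

// Render authorises one image render and returns the answer to draw. Past
// the budget it refuses, so one id cannot yield unlimited sample images.
func (s *Store) Render(id string) (string, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.renders[id] <= 0 { // unknown ids read as 0
		return "", false
	}
	s.renders[id]--
	return s.answer[id], true
}

// Verify consumes the challenge on every attempt, right or wrong.
func (s *Store) Verify(id, guess string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	want, ok := s.answer[id]
	delete(s.answer, id)
	delete(s.renders, id)
	return ok && want == guess
}

func main() {
	s := &Store{answer: map[string]string{}, renders: map[string]int{}}
	s.Issue("c1", "482913", 1) // constructed sample id and answer
	_, first := s.Render("c1")
	_, again := s.Render("c1")
	fmt.Println(first, again, s.Verify("c1", "482913")) // true false true
}
```

A client whose render is refused has to request a fresh challenge, which comes with a new id and a new answer.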
