11

I have a self-hosted matrix-synapse server up and running on a Debian linux server, but before I open it up I want to at least get a captcha service in place to reduce spamming. The only module I've seen to handle this function appears to require setting up a Google recaptcha though, however I would prefer to keep all of this entirely self-contained for the privacy of my users. Can anyone recommend a module that allows for a local captcha option? For that matter, can anyone also recommend a captcha system that is pretty straightforward to set up (which is compatible with matrix-synapse) and uses basic preinstalled code bases like perl or python?

And while I'm here, I would also like to provide the option of registering with an email address, but I'm having trouble finding any clear how-to pages on this. Seems like that function might be built directly in to matrix-synapse but I'm just not finding anything helpful. Any suggestions?

I'm fairly new to matrix in general, but I have an initial setup running with the homeserver, Element web page, and an IRC bridge, so if I can just nail down the validation part of registrations I'll have what I think is a good starting point to launch from.

all 9 comments
sorted by: hot top controversial new old
[-] subtext@lemmy.world 6 points 1 year ago

I can’t help with a self-hosted captcha, but I do know that hCAPTCHA claims to be more privacy respecting than reCAPTCHA. They also have a 1:1 comparability layer with the reCAPTCHA API so it should be a drop-in replacement without too much effort.

I’m interested to hear if anyone chimes in with a self-hosted solution, but I’d imagine a managed solution would probably be best for an application of any size if you’re worried about bots.

Also, while I agree with the other poster that bots may be better than humans at solving captchas, I do want to say that they’re better than nothing. Just like I wouldn’t leave my front door unlocked (even though house doors are easily picked / broken), a simple deterrent is better than nothing. A site I was working on went from hourly spam to none at all with just a simple Cloudflare captcha.

[-] emhl@feddit.de 4 points 1 year ago

You could use something like mCaptcha, which isn't really a captcha (because it doesn't do a Turing test), but fills the same use case, by providing users with a proof of work challenge, which rate limits them like a captcha would

[-] Shdwdrgn@mander.xyz 2 points 1 year ago

I tried their demo page but it just takes the login credentials and never actually shows a captcha. Maybe it broken? Could you tell me what I should be seeing here?

[-] emhl@feddit.de 1 points 1 year ago

You need to register an account on their demo page (this account gets automatically deleted after a while). And then you can create deployments, that can be embedded into other forms

[-] Shdwdrgn@mander.xyz 1 points 1 year ago

I'm lost... Based on their link I expected a "demo" page, you know, something that actually shows an example of the captcha that this code is supposed to provide? I didn't even see a description of what kind of input their captcha requests from the users. It seems like I have to do a full installation just to learn something they could have provided in a single picture.

[-] neeeeDanke@feddit.de 2 points 1 year ago

they will have to generate proof-of-work (a bunch of math that will takes time to compute) and submit it to mCaptcha.

The user doesn't have to do anything, your computer has to do the work

[-] Shdwdrgn@mander.xyz 1 points 1 year ago

Ooooohhhh! Well now, suddenly this sounds a lot more interesting! Thanks for that breakdown, because I completely missed the point of this one.

this post was submitted on 22 Aug 2023
11 points (100.0% liked)

Selfhosted

40697 readers
126 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS