I have a self-hosted matrix-synapse server up and running on a Debian linux server, but before I open it up I want to at least get a captcha service in place to reduce spamming. The only module I’ve seen to handle this function appears to require setting up a Google recaptcha though, however I would prefer to keep all of this entirely self-contained for the privacy of my users. Can anyone recommend a module that allows for a local captcha option? For that matter, can anyone also recommend a captcha system that is pretty straightforward to set up (which is compatible with matrix-synapse) and uses basic preinstalled code bases like perl or python?

And while I’m here, I would also like to provide the option of registering with an email address, but I’m having trouble finding any clear how-to pages on this. Seems like that function might be built directly in to matrix-synapse but I’m just not finding anything helpful. Any suggestions?

I’m fairly new to matrix in general, but I have an initial setup running with the homeserver, Element web page, and an IRC bridge, so if I can just nail down the validation part of registrations I’ll have what I think is a good starting point to launch from.

  • subtext@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    I can’t help with a self-hosted captcha, but I do know that hCAPTCHA claims to be more privacy respecting than reCAPTCHA. They also have a 1:1 comparability layer with the reCAPTCHA API so it should be a drop-in replacement without too much effort.

    I’m interested to hear if anyone chimes in with a self-hosted solution, but I’d imagine a managed solution would probably be best for an application of any size if you’re worried about bots.

    Also, while I agree with the other poster that bots may be better than humans at solving captchas, I do want to say that they’re better than nothing. Just like I wouldn’t leave my front door unlocked (even though house doors are easily picked / broken), a simple deterrent is better than nothing. A site I was working on went from hourly spam to none at all with just a simple Cloudflare captcha.

    • Shdwdrgn@mander.xyzOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I’m not really surprised by this, but it still helps to have something in place to keep out the low-effort bots (and especially the low-effort humans). I also run some community-drive blocklists in front of things to knock out the worst of them.

  • emhl@feddit.de
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    You could use something like mCaptcha, which isn’t really a captcha (because it doesn’t do a Turing test), but fills the same use case, by providing users with a proof of work challenge, which rate limits them like a captcha would

    • Shdwdrgn@mander.xyzOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I tried their demo page but it just takes the login credentials and never actually shows a captcha. Maybe it broken? Could you tell me what I should be seeing here?

      • emhl@feddit.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        You need to register an account on their demo page (this account gets automatically deleted after a while). And then you can create deployments, that can be embedded into other forms

        • Shdwdrgn@mander.xyzOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I’m lost… Based on their link I expected a “demo” page, you know, something that actually shows an example of the captcha that this code is supposed to provide? I didn’t even see a description of what kind of input their captcha requests from the users. It seems like I have to do a full installation just to learn something they could have provided in a single picture.

          • neeeeDanke@feddit.de
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            they will have to generate proof-of-work (a bunch of math that will takes time to compute) and submit it to mCaptcha.

            The user doesn’t have to do anything, your computer has to do the work

            • Shdwdrgn@mander.xyzOP
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Ooooohhhh! Well now, suddenly this sounds a lot more interesting! Thanks for that breakdown, because I completely missed the point of this one.