The #HardenedBSD self-hosted instance receives a lot of spam account and repo creations. The spammers regularly bypass captcha.
Does anyone have any suggestions on how to combat this type of activity?
#GitLab #selfhosting
Conversation
wiki.archlinux.org/index.php?titl requires the output of running a command on an up-to-date installation of the OS. It wiped out the spammers.
There's a more universally usable one for the forums which uses week number and uname output to let people get the answer on any Linux-based OS.
3
3
IIRC, the spammers ended up figuring out how to bypass the original questions because they could get the answer on macOS. I think it's intentionally stricter for the wiki because spammers are much more annoying there and people don't need to be able to edit the wiki to get help.
The forum one is here:
bbs.archlinux.org/register.php?a
What is the output of "date -u +%V$(uname)|sha1sum|sed 's/\W//g'"?
Even without a Linux installation, people can get the answer. Wiki had a serious problem with human spammers though and "pacman -V|base32|head -1" defeats them.
1
You could probably stop a lot of the spam by adding something like "Which OS is HardenedBSD based on?" and most of the spammers will simply give up and go away. It will at the very least defeat any fully automated ones. Determined ones will figure it out and automate it though.
1
1
Show replies

