The #HardenedBSD self-hosted instance receives a lot of spam account and repo creations. The spammers regularly bypass captcha.
Does anyone have any suggestions on how to combat this type of activity?
#GitLab #selfhosting
wiki.archlinux.org/index.php?titl requires the output of running a command on an up-to-date installation of the OS. It wiped out the spammers.
There's a more universally usable one for the forums which uses week number and uname output to let people get the answer on any Linux-based OS.
IIRC, the spammers ended up figuring out how to bypass the original questions because they could get the answer on macOS. I think it's intentionally stricter for the wiki because spammers are much more annoying there and people don't need to be able to edit the wiki to get help.
The forum one is here:
bbs.archlinux.org/register.php?a
What is the output of "date -u +%V$(uname)|sha1sum|sed 's/\W//g'"?
Even without a Linux installation, people can get the answer. Wiki had a serious problem with human spammers though and "pacman -V|base32|head -1" defeats them.
You could probably stop a lot of the spam by adding something like "Which OS is HardenedBSD based on?" and most of the spammers will simply give up and go away. It will at the very least defeat any fully automated ones. Determined ones will figure it out and automate it though.
Don't underestimate low tech solutions though. That low tech question about HardenedBSD is less burden for anyone who should actually be using it than solving most captchas and at a minimum defeats fully automated spam with no human to help it deal with your site specifically.
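A server-side check for the forum question quoted in the thread, as an added example that is not part of any post or of Arch Linux's own code: it recomputes the hash that the quoted command prints for the current UTC ISO week. The accepted kernel list, the one-hour grace window at week rollover, and all function names are assumptions.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# Assumption: `uname` outputs the site is willing to accept.
ACCEPTED_KERNELS = ("Linux",)
# Assumption: keep last week's answer valid briefly after the Monday 00:00 UTC rollover.
GRACE = timedelta(hours=1)


def expected_answer(now, kernel):
    # Reproduces: date -u +%V$(uname) | sha1sum | sed 's/\W//g'
    # %V is the ISO 8601 week number, zero-padded to two digits.
    week = now.astimezone(timezone.utc).isocalendar()[1]
    # `date` ends its output with a newline, and sha1sum hashes that byte too.
    data = f"{week:02d}{kernel}\n".encode()
    # sed removes the "  -" that sha1sum appends, leaving only the hex digest.
    return hashlib.sha1(data).hexdigest()


def valid_answers(now, kernels=ACCEPTED_KERNELS, grace=GRACE):
    # Answers accepted at `now`: the current week, plus the previous week
    # while still inside the grace window after rollover.
    moments = (now - grace, now)
    return {expected_answer(m, k) for m in moments for k in kernels}


def check(submitted, now=None):
    # Normalise pasted input (stray whitespace, upper-case hex) before comparing.
    now = now or datetime.now(timezone.utc)
    cleaned = "".join(submitted.split()).lower()
    return cleaned in valid_answers(now)


if __name__ == "__main__":
    # Constructed sample: the answer a Linux user would submit right now.
    now = datetime.now(timezone.utc)
    sample = expected_answer(now, "Linux")
    print(sample, check(sample, now))
```

The answer changes weekly but is the same for every visitor, so a scripted client can compute it just as easily; this matches the thread's point that such questions stop generic automation rather than determined spammers.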

