I can’t help with a self-hosted captcha, but I do know that hCAPTCHA claims to be more privacy respecting than reCAPTCHA. They also have a 1:1 comparability layer with the reCAPTCHA API so it should be a drop-in replacement without too much effort.
I’m interested to hear if anyone chimes in with a self-hosted solution, but I’d imagine a managed solution would probably be best for an application of any size if you’re worried about bots.
Also, while I agree with the other poster that bots may be better than humans at solving captchas, I do want to say that they’re better than nothing. Just like I wouldn’t leave my front door unlocked (even though house doors are easily picked / broken), a simple deterrent is better than nothing. A site I was working on went from hourly spam to none at all with just a simple Cloudflare captcha.
You could use something like mCaptcha, which isn't really a captcha (because it doesn't do a Turing test), but fills the same use case, by providing users with a proof of work challenge, which rate limits them like a captcha would
I tried their demo page but it just takes the login credentials and never actually shows a captcha. Maybe it broken? Could you tell me what I should be seeing here?
You need to register an account on their demo page (this account gets automatically deleted after a while). And then you can create deployments, that can be embedded into other forms
I'm lost... Based on their link I expected a "demo" page, you know, something that actually shows an example of the captcha that this code is supposed to provide? I didn't even see a description of what kind of input their captcha requests from the users. It seems like I have to do a full installation just to learn something they could have provided in a single picture.
they will have to generate proof-of-work (a bunch of math that will takes time to compute) and submit it to mCaptcha.
The user doesn't have to do anything, your computer has to do the work
Ooooohhhh! Well now, suddenly this sounds a lot more interesting! Thanks for that breakdown, because I completely missed the point of this one.
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!