Captcha validation for user sign-up #635
Labels
Comments
|
A different path (specifically for wakapi.dev) would be to include bad IP checking into the reverse proxy sitting in front of Wakapi. Request IPs could be checked against AbuseIPDB for |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We are currently experiencing user registration spam on wakapi.dev. Apparently, somebody is running a script to repeatedly create fake accounts with allegedly real e-mail addresses (wow, thanks... 👏🙄 ...). This is why user registration is currently disabled. Rate limiting (#628) doesn't help, because they are using a different IP address each time. Let's try add captchas (sorry to all legitimate users...) to prevent this nonsense.
Google reCaptcha would be most reliable and seamless for users, but, on the other hand, I'd like to keep Wakapi fully self-hosted and don't have it send any data to external (US-based) services. Lets try https://github.com/dchest/captcha and see if it's sufficient.
The text was updated successfully, but these errors were encountered: