I have a self-hosted matrix-synapse server up and running on a Debian linux server, but before I open it up I want to at least get a captcha service in place to reduce spamming. The only module I’ve seen to handle this function appears to require setting up a Google recaptcha though, however I would prefer to keep all of this entirely self-contained for the privacy of my users. Can anyone recommend a module that allows for a local captcha option? For that matter, can anyone also recommend a captcha system that is pretty straightforward to set up (which is compatible with matrix-synapse) and uses basic preinstalled code bases like perl or python?

And while I’m here, I would also like to provide the option of registering with an email address, but I’m having trouble finding any clear how-to pages on this. Seems like that function might be built directly in to matrix-synapse but I’m just not finding anything helpful. Any suggestions?

I’m fairly new to matrix in general, but I have an initial setup running with the homeserver, Element web page, and an IRC bridge, so if I can just nail down the validation part of registrations I’ll have what I think is a good starting point to launch from.

  • @subtext
    link
    English
    51 year ago

    I can’t help with a self-hosted captcha, but I do know that hCAPTCHA claims to be more privacy respecting than reCAPTCHA. They also have a 1:1 comparability layer with the reCAPTCHA API so it should be a drop-in replacement without too much effort.

    I’m interested to hear if anyone chimes in with a self-hosted solution, but I’d imagine a managed solution would probably be best for an application of any size if you’re worried about bots.

    Also, while I agree with the other poster that bots may be better than humans at solving captchas, I do want to say that they’re better than nothing. Just like I wouldn’t leave my front door unlocked (even though house doors are easily picked / broken), a simple deterrent is better than nothing. A site I was working on went from hourly spam to none at all with just a simple Cloudflare captcha.