Image CAPTCHA not effective anymore #5886

New Issue

Closed

opened 2025-11-02 06:39:21 -06:00 by GiteaMirror · 5 comments

GiteaMirror commented 2025-11-02 06:39:21 -06:00

Owner

Copy Link

Originally created by @skylarmt on GitHub (Aug 23, 2020).

• Gitea version (or commit ref): 1.12.3

Description

I have the signup form image CAPTCHA enabled on my Gitea server but in the past few days there have been many bots registering accounts (and failing to get the confirmation emails, which bounce or are flagged as spam by random idiots, hurting my mail server's reputation). It seems that either the bots are able to solve the CAPTCHA or there's some way around it. I did notice that requesting the CAPTCHA image over and over with the same URL (i.e. right-click image, open in new tab, F5) will produce dozens of new images with the same correct answer, so they might be using that to figure out the correct answer. Or it's just too easy to begin with.

Originally created by @skylarmt on GitHub (Aug 23, 2020). - Gitea version (or commit ref): 1.12.3 ## Description I have the signup form image CAPTCHA enabled on my Gitea server but in the past few days there have been many bots registering accounts (and failing to get the confirmation emails, which bounce or are flagged as spam by random idiots, hurting my mail server's reputation). It seems that either the bots are able to solve the CAPTCHA or there's some way around it. I did notice that requesting the CAPTCHA image over and over with the same URL (i.e. right-click image, open in new tab, F5) will produce dozens of new images with the same correct answer, so they might be using that to figure out the correct answer. Or it's just too easy to begin with.

GiteaMirror closed this issue 2025-11-02 06:39:21 -06:00

GiteaMirror commented 2025-11-02 06:39:21 -06:00

Author

Owner

Copy Link

@skylarmt commented on GitHub (Aug 23, 2020):

Here's an alternative CAPTCHA library with more options for difficulty and different types (numbers, letters, math problems):

https://github.com/mojocn/base64Captcha
demo

@skylarmt commented on GitHub (Aug 23, 2020): Here's an alternative CAPTCHA library with more options for difficulty and different types (numbers, letters, math problems): https://github.com/mojocn/base64Captcha [demo](https://captcha.mojotv.cn)

GiteaMirror commented 2025-11-02 06:39:22 -06:00

Author

Owner

Copy Link

@skylarmt commented on GitHub (Aug 23, 2020):

Another option is to add alternative CAPTCHA options such as hCaptcha or Captcheck. I don't use Google's reCAPTCHA because I believe forcing users to run spyware on their devices in order to use my websites is wrong.

@skylarmt commented on GitHub (Aug 23, 2020): Another option is to add alternative CAPTCHA options such as [hCaptcha](https://www.hcaptcha.com/) or [Captcheck](https://captcheck.netsyms.com/). I don't use Google's reCAPTCHA because I believe forcing users to run spyware on their devices in order to use my websites is wrong.

GiteaMirror commented 2025-11-02 06:39:22 -06:00

Author

Owner

Copy Link

@skylarmt commented on GitHub (Aug 26, 2020):

FYI: Since opening this issue, bots have created 169 new accounts that were never activated and I've received over a dozen abuse reports from people who flagged the confirmation emails as spam.

@skylarmt commented on GitHub (Aug 26, 2020): FYI: Since opening this issue, bots have created 169 new accounts that were never activated and I've received over a dozen abuse reports from people who flagged the confirmation emails as spam.

GiteaMirror commented 2025-11-02 06:39:22 -06:00

Author

Owner

Copy Link

@Schoumi commented on GitHub (May 19, 2021):

Instead of doing captcha for human, I remember, I've read something about showing captcha only for bots in some hidden fields in the page. If the captcha is complete it's obviously a bot because human people hasn't been able to see it throught their browser.

@Schoumi commented on GitHub (May 19, 2021): Instead of doing captcha for human, I remember, I've read something about showing captcha only for bots in some hidden fields in the page. If the captcha is complete it's obviously a bot because human people hasn't been able to see it throught their browser.

GiteaMirror commented 2025-11-02 06:39:22 -06:00

Author

Owner

Copy Link

@lunny commented on GitHub (Jun 3, 2021):

Since #12594 merged, I will close this one. Please feel free to reopen it.

@lunny commented on GitHub (Jun 3, 2021): Since #12594 merged, I will close this one. Please feel free to reopen it.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#5886