@markosaric Ooh… Try to avoid hCaptcha; their accessibility is terrible and they extort browser history from people to let them bypass the CAPTCHAs.
If I knew you any worse, using hCaptcha would be enough for me to mistrust your motives.
https://developers.reverseeagle.org/replace/google-recaptcha/ doesn't have many alternatives, unfortunately.
@wizzwizz4 do you have any links on what's wrong with them?
i looked and couldn't find any working alternatives. either google or this so we picked them as they look better and seem that they care more.
cannot have anything good with all the spammers around unfortunately and we had to act quickly so this was best we found...
people need to start making better alternatives to all these tools as websites need to use something and self-hosting is inconvenient in most cases unfortunately...
@markosaric That they do.
I wrote some things about it here: https://fosstodon.org/@spamty/104433536410348970
Basically, you can only use hCaptcha effectively if you are:
• Good at vision (or willing to let hCaptcha track you around the web).
• Not using Tor (because of Cloudflare).
• Lucky – some of their challenges are literally impossible.
• Familiar with American English (to understand the categories used in the puzzles).
we can try and build something of our own but that will take some time and we're short on resources at the moment.
or hopefully if this spam attack stops, we could go back to not have anything at all again.
someone needs to built Plausible-like solution for recaptha 😀
@markosaric There is one: hidden form fields.
@markosaric @wizzwizz4 I'm using shared hosting, so fail2ban is not an option. As I'm using a CMS system I've installed a "honeypot" extension that adds a hidden field (in my case "url") and expects the form fill to be at least 5s. It blocks a lot of bots already, but not all. Maybe I should increase the expected duration.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!