@f0x I use the gitea captchas and no spam so far. But they are inaccessible if you can't see them.

@f0x There is an open issue for adding „honeypot“ form fields and Codeberg is aware of it, so there is a chance it gets implemented soon-ish?

@tastytea i'm implementing it now, with a hacky proxy so I don't have to interact with the gitea codebase itself :)

@starless @forestjohnson oh yeah, I remember that!
Sadly it seems these are people manually creating spam accounts, so none of these solutions really work, short of doing approval based signups :|

@f0x I wonder if a secret password kinda system could work?

Like, "what is the name of the best hacker soda" or "what is the lovable shark plush?"

Wild that humans are making those accounts, though....

@starless ah yes, that could work actually!

@f0x "write me a haiku" connected with pythons syllable thing might be fun, but maybe too easy to scam

@starless we'll see how creative the spammers are :D

@f0x @starless

You are getting spam signup requests from real people? How do you know it's real people and not bots, if you don't mind me asking? I used to have open signup on my old gogs instance and I got hundreds of signups, but none of those users ever did anything. I think they were all bots as far as I could tell.

I was hoping to make a works-without-login version of gitea one day, and I was hoping I wouldn't have to deal with moderation at least for a while (until the gitea server gets much more popular) because the PoW Captcha (https://git.sequentialread.com/forest/pow-captcha) would filter out the bots, and right now I don't think anyone cares about my git server, let alone knows that it exists 😞

@forestjohnson @starless the majority doesn't do anything, but quite a lot of them also create profiles, repos and organizations with various spam messages

I think they're real users because my simple hidden form technique didn't stop them at all. Could also just be more sophisticated botting tho

@f0x @starless I'd be interested to see if the haiku requirement stops them or not. I'm going to build PoW Captcha into a fork of your registration proxy as well, just for fun 😋

@forestjohnson @starless code is now on https://git.pixie.town/f0x/gitea-registration-proxy, should be easy to tweak :)

biggest downside is with just a custom template you can't really get feedback in the html, hence also why a failed haiku sends you to a very bare page