this post was submitted on 20 Jun 2023
174 points (98.3% liked)
sh.itjust.works Main Community
7705 readers
3 users here now
Home of the sh.itjust.works instance.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This happened to me, although luckily I managed to turn off registration after about 80 signups. I did have email verification enabled but noticed that every single email address was fake/the email bounced, so they havent been able to verify the accounts and post.
I have now enabled applications (along with email verification) - does anyone have any opinion on using captcha instead of applications? I feel like captcha has already been defeated by bots.
Fwiw the captcha support in lemmy is probably going away soon. It needs to be reimplemented into another database table (or something like that) anyway. Given that it is too hard for many humans, too easy for many bots, and devs are slammed with work, makes more sense to delete as a first step
I don't have the time right now but someone should double check if captcha rework is in the GitHub issues as well so that they not only remove it but keep track of redoing it later as well...
Captcha is seemingly what is protecting this instance. Although it is bypassable in theory, it's working for us right now.
As the other commenters mentioned they are planning to remove Captcha in the next update but also other people have created an issue on GitHub to keep Captcha.
Bypassing captcha is technically possible but very hard, hard enough that it doesn't make sense financially to do it. Keeping it is a must. If they do end up removing it, we need to add it back in (actually not that hard to do)