31 lines
1.3 KiB
Markdown
31 lines
1.3 KiB
Markdown
|
---
|
||
|
title: Captcha
|
||
|
description: Mitigating automated signup bots
|
||
|
menu:
|
||
|
docs:
|
||
|
weight: 30
|
||
|
parent: admin-optional
|
||
|
---
|
||
|
|
||
|
As of Mastodon 4.2, using CAPTCHA technology is supported to help mitigate against bots signing up for new accounts.
|
||
|
With CAPTCHA enabled, new registrations will be required to complete a challenge response as part of the e-mail verification process.
|
||
|
|
||
|
![](/assets/captcha/user-view.png)
|
||
|
|
||
|
{{< hint style="danger" >}}
|
||
|
For some people, the use of a central CAPTCHA service may be a security and privacy concern.
|
||
|
In addition, CAPTCHA can make the registration process significantly less accessible to some people.
|
||
|
{{</ hint >}}
|
||
|
|
||
|
Currently, hCaptcha is the only available provider supported by Mastodon.
|
||
|
Other providers may be added in the future.
|
||
|
|
||
|
## hCaptcha
|
||
|
|
||
|
- Create a free hCaptcha account at [hcaptcha.com](https://www.hcaptcha.com)
|
||
|
- After completing registration, generate a Site Key and Site Secret from the hCaptcha dashboard
|
||
|
- Add the values to your Mastodon environment configuration as `HCAPTCHA_SITE_KEY` and `HCAPTCHA_SECRET_KEY`
|
||
|
- Restart the Mastodon services running on your server
|
||
|
- From the Mastodon web interface navigate to **Administration** > **Server settings** > **Registrations** and check the box labled "Require new users to solve a CAPTCHA to confirm their account"
|
||
|
|
||
|
![](/assets/captcha/admin-view.png)
|