diff --git a/content/en/admin/config.md b/content/en/admin/config.md index 8e01b334..10814e00 100644 --- a/content/en/admin/config.md +++ b/content/en/admin/config.md @@ -808,6 +808,13 @@ It is important to use a supported file format (JPEG or PNG, not SVG). ## Limits {#limits} +### Anti Spam / Abuse + +#### `HCAPTCHA_SITE_KEY` +#### `HCAPTCHA_SECRET_KEY` + +If set, registrations confirm page will display a captcha, see [Captcha](https://docs.joinmastodon.org/admin/optional/captcha/) + ### Email domains #### `EMAIL_DOMAIN_ALLOWLIST` @@ -870,10 +877,6 @@ Defaults to `https://github.com/$GITHUB_REPOSITORY` #### `FFMPEG_BINARY` -#### `HCAPTCHA_SITE_KEY` - -Set this to your hCaptcha site key to enable captchas on the account confirmation page using hCaptcha. - Defaults to empty value (not enabled) #### `LOCAL_HTTPS` diff --git a/content/en/admin/optional/captcha.md b/content/en/admin/optional/captcha.md new file mode 100644 index 00000000..d16f1484 --- /dev/null +++ b/content/en/admin/optional/captcha.md 
@@ -0,0 +1,31 @@ +--- +title: Captcha +description: Mitigating automated signup bots +menu: + docs: + weight: 30 + parent: admin-optional +--- + +As of Mastodon 4.2, using CAPTCHA technology is supported to help mitigate against bots signing up for new accounts. +With CAPTCHA enabled, new registrations will be required to complete a challenge response as part of the e-mail verification process. + +![](/assets/captcha/user-view.png) + +{{< hint style="danger" >}} +For some people, the use of a central CAPTCHA service may be a security and privacy concern. +In addition, CAPTCHA can make the registration process significantly less accessible to some people. +{{}} + +Currently, hCaptcha is the only available provider supported by Mastodon. +Other providers may be added in the future. + +## hCaptcha + +- Create a free hCaptcha account at [hcaptcha.com](https://www.hcaptcha.com) +- After completing registration, generate a Site Key and Site Secret from the hCaptcha dashboard +- Add the values to your Mastodon environment configuration as `HCAPTCHA_SITE_KEY` and `HCAPTCHA_SECRET_KEY` +- Restart the Mastodon services running on your server +- From the Mastodon web interface navigate to **Administration** > **Server settings** > **Registrations** and check the box labled "Require new users to solve a CAPTCHA to confirm their account" + +![](/assets/captcha/admin-view.png) \ No newline at end of file diff --git a/content/en/admin/optional/object-storage.md b/content/en/admin/optional/object-storage.md index 3a48ae0d..67a791f4 100644 --- a/content/en/admin/optional/object-storage.md +++ b/content/en/admin/optional/object-storage.md @@ -1,5 +1,5 @@ --- -title: Configuring object storage +title: Object storage description: Serving user-uploaded files in Mastodon using external object storage menu: docs: diff --git a/content/en/admin/optional/sso.md b/content/en/admin/optional/sso.md index 234fc89a..3c26f2d0 100644 --- a/content/en/admin/optional/sso.md 
+++ b/content/en/admin/optional/sso.md @@ -2,7 +2,7 @@ title: Single Sign On menu: docs: - weight: 30 + weight: 40 parent: admin-optional --- diff --git a/static/assets/captcha/admin-view.png b/static/assets/captcha/admin-view.png new file mode 100644 index 00000000..611dda1a Binary files /dev/null and b/static/assets/captcha/admin-view.png differ diff --git a/static/assets/captcha/user-view.png b/static/assets/captcha/user-view.png new file mode 100644 index 00000000..637ffe8f Binary files /dev/null and b/static/assets/captcha/user-view.png differ
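Review bot: In content/en/admin/config.md, hunk `@@ -808,6 +808,13 @@`, the sentence "If set, registrations confirm page will display a captcha" does not match the procedure added in captcha.md in this same patch, which lists a further step: checking "Require new users to solve a CAPTCHA to confirm their account" under Administration > Server settings > Registrations. Suggest wording that says the two variables make the option available and that it is then switched on in the admin interface. The two stacked `####` headings also share one description; giving each its own line would let the text say which value is the site key and which is the secret. The phrase "registrations confirm page" reads better as "registration confirmation page".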
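Review bot: In content/en/admin/config.md, hunk `@@ -870,10 +877,6 @@`, removing the `HCAPTCHA_SITE_KEY` heading and its description leaves the context line "Defaults to empty value (not enabled)" sitting directly under `#### FFMPEG_BINARY`, where it now reads as the default for the ffmpeg path. That line described the captcha key. Suggest deleting it here and carrying it into the new "Anti Spam / Abuse" section added by the first hunk, which currently states no default for either variable.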
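Review bot: In content/en/admin/optional/captcha.md, hunk `@@ -0,0 +1,31 @@`, the list item "Add the values to your Mastodon environment configuration as `HCAPTCHA_SITE_KEY` and `HCAPTCHA_SECRET_KEY`" treats both values alike. The site key is delivered to the browser, while the secret key is a server-side credential, so a sentence telling admins to keep `HCAPTCHA_SECRET_KEY` out of shared or committed configuration would help. The dashboard term "Site Secret" in the previous item could also be tied explicitly to that variable name. Smaller points in the same hunk: the five items are sequential steps and would read better as a numbered list; "labled" should be "labeled"; both images use empty alt text (`![](/assets/captcha/user-view.png)`), which sits awkwardly next to the accessibility warning in the hint; the hint block closes with `{{}}` as shown here, so confirm the file contains the proper closing shortcode; and the file has no trailing newline.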