1.4 KiB
1.4 KiB
title | description | menu | ||||||
---|---|---|---|---|---|---|---|---|
Captcha | Mitigating automated signup bots |
|
As of Mastodon 4.2, using CAPTCHA technology is supported to help mitigate against bots signing up for new accounts. With CAPTCHA enabled, new registrations will be required to complete a challenge response as part of the e-mail verification process.
{{< hint style="danger" >}} For some people, the use of a central CAPTCHA service may be a security and privacy concern. In addition, CAPTCHA can make the registration process significantly less accessible to some people. {{</ hint >}}
Currently, hCaptcha is the only available provider supported by Mastodon. Other providers may be added in the future.
hCaptcha
- Create a free hCaptcha account at hcaptcha.com
- After completing registration, use the hCaptcha dashboard to add a new site with your Mastodon server domain and obtain a Site Key
- From the Account Settings menu in hCaptcha, obtain your Secret Key
- Add the values to your Mastodon environment configuration as
HCAPTCHA_SITE_KEY
andHCAPTCHA_SECRET_KEY
- Restart the Mastodon services running on your server
- From the Mastodon web interface navigate to Administration > Server settings > Registrations and check the box labled "Require new users to solve a CAPTCHA to confirm their account"