Hi Philipp, On 3/07/2025 14:29, Philipp Marek wrote:
Hi Georgiy,
The new installation currently does not support the link-via-IRC method, I imagine that we could reinstate it.
Last time we discussed that, there was some concern as to whether link-via-IRC may be "too hard" for legitimate users, given how few people know about/use IRC these days.
AFAIR we had a link to IRC via web there.
I guess anything less obscure is too easy for the bots, especially if there is no media break in there (ie a http based captcha or so).
I could imagine having the client solve some challenge, eg. finding some SHA256 HMAC key so that a server generated random token comes up with 24 zero bits in front or so -- perhaps that's too expensive (ie. runs into timeouts) for spammer bots?
Currently, GitLab registration is behind a combination of Anubis <https://anubis.techaro.lol/> and reCaptcha. Anubis provides a challenge like the one you described (N zero bits of a hash).