Gitlab Invisible reCAPTCHA - How to determine if it is working

Hi all,

Hopefully you can help, or point me in the correct location.

Our self hosted Gitlab environment is currently suffering SPAM BOT accounts being registered, some getting potentially offensive.
We’re looking for ways to combat this.

We’ve had reCAPTCHA enabled, but this doesn’t appear to help much, so having investigated this issue, found the interesting option for invisible reCAPTCHA.

So, enabled this with the commands:

sudo gitlab-rails console
Feature.enable(:invisible_captcha)
Feature.enabled?(:invisible_captcha)

Then, logged into the GUI, browsed to the web interface and logging in as an administrator user,
accessed the admin area and from the left hand menu, settings → reporting
Expand the SPAM and Anti Bot Protection and check the invisible reCAPTCHA enable box.
Made sure to uncheck the reCAPTCHA option, since according to that URL above, this needs to be disabled.

However, we’re sill seeing BOT accounts being created.

Is it possible to determine if invisible reCAPTCHA is doing anything? Been looking around to try and find logs, which would let us know if it’s doing anything, but there doesn’t seem to be anything logged?

Can you assist?

Currently running the following setup.

System information
System: RedHatEnterpriseServer 7.9
Using RVM: no
Ruby Version: 2.7.2p137
Gem Version: 3.1.4
Bundler Version:2.1.4
Rake Version: 13.0.3
Redis Version: 5.0.9
Git Version: 2.29.0
Sidekiq Version:5.2.9
Go Version: unknown

GitLab information
Version: 13.8.0
Revision: 0ce33bd2eaa
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: PostgreSQL
DB Version: 12.4
Using LDAP: yes
Using Omniauth: yes
Omniauth Providers:

GitLab Shell
Version: 13.15.0
Repository storage paths:

  • default: /srv/git-data/repositories
    GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell
    Git: /opt/gitlab/embedded/bin/git