Hopefully you can help, or point me in the correct location.
Our self hosted Gitlab environment is currently suffering SPAM BOT accounts being registered, some getting potentially offensive.
We’re looking for ways to combat this.
We’ve had reCAPTCHA enabled, but this doesn’t appear to help much, so having investigated this issue, found the interesting option for invisible reCAPTCHA.
So, enabled this with the commands:
sudo gitlab-rails console
Then, logged into the GUI, browsed to the web interface and logging in as an administrator user,
accessed the admin area and from the left hand menu, settings → reporting
Expand the SPAM and Anti Bot Protection and check the invisible reCAPTCHA enable box.
Made sure to uncheck the reCAPTCHA option, since according to that URL above, this needs to be disabled.
However, we’re sill seeing BOT accounts being created.
Is it possible to determine if invisible reCAPTCHA is doing anything? Been looking around to try and find logs, which would let us know if it’s doing anything, but there doesn’t seem to be anything logged?
Can you assist?
Currently running the following setup.
System: RedHatEnterpriseServer 7.9
Using RVM: no
Ruby Version: 2.7.2p137
Gem Version: 3.1.4
Rake Version: 13.0.3
Redis Version: 5.0.9
Git Version: 2.29.0
Go Version: unknown
DB Adapter: PostgreSQL
DB Version: 12.4
Using LDAP: yes
Using Omniauth: yes
Repository storage paths:
- default: /srv/git-data/repositories
GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell