Registrations are back!

Hello users!

Registrations are now back after a long period of being disabled. As you may have noticed, there was a large attack in which hundreds of thousands of accounts were registered in a couple days.

The abuser was able to bypass the terrible captcha that mod_web_register provides by default. It’s unfortunately easy to guess and as we saw, a person with enough dedication can make a script to spam register. As of now I’ve enabled Google’s recaptcha (begrudgingly) as a workaround for now. The public and private keys for that are injected via our prosody-secrets.sh script if you’re curious. The configuration on our GitHub did not need to be updated for this. We haven’t had much time to modify the Lua of the module, but plan to in the future with our git fork of the code github.com/crypto-world/mod_register_web. If you’d like to contribute to that, we’d greatly appreciate it. If you have any questions don’t hesitate to contact!

~ Lunar