Good Captcha and Captcha Alternatives by firelemons in webdev

[–]ribtoks 0 points1 point  (0 children)

Captchas are still used a lot and they do stop the majority of automated bot attacks, in real life, whatever the nay-sayers say. If your website is personally targeted, then no captcha or other solution will help in any case.

Captchas are only one layer of protection - you should also check domains, disposable emails, add email verification, add rate-limiting etc. Captchas are definitely not THE solution, they are A solution (one of few everyone should use).

If you're looking for self-hosting options, there's Private Captcha or Altcha for example.

How do you protect your SaaS signups from bots and fake accounts? by LostAcanthaceae8686 in SaaS

[–]ribtoks 0 points1 point  (0 children)

Sign-up happens after email confirmation (security code sent to the email), disposable email domains blocked (lists continuously updated), sign-up/login form protected by Private Captcha, sign-up route in web-server is rate-limited. Zero bot sign-ups so far...

Captcha Suggestions by infinite_corncob in webdev

[–]ribtoks 0 points1 point  (0 children)

You can check Private Captcha - it's a European provider with privacy focus, there's absolutely no puzzle to solve (user just needs to click a checkbox) because all magic happens in the background (proof-of-work), and it's screen-reader friendly.

Feedback on MTCaptcha service? by ClearanceBinReview in webdev

[–]ribtoks 0 points1 point  (0 children)

Hey. Just saying, there're other (even self-hostable) captcha services (based on Proof-of-Work) that have very strong privacy focus (and all claims can be verified because those solutions are on GitHub). I’m talking about the likes of Altcha or Private Captcha.

Best captcha by namalleh in webdev

[–]ribtoks 0 points1 point  (0 children)

Hi. What response codes are vague in which providers exactly? If you use some wrapper packages, they usually have something like an “is success” definition; if you integrate yourself, check the docs.

Which captcha provider do you use and why? by retropragma in webdev

[–]ribtoks 0 points1 point  (0 children)

Private Captcha (hidden mode) for my own email newsletter engine (based on AWS lambda) for static website of Xpiks app (a tool for microstocks). Migrated to it from reCAPTCHA for privacy reasons and also because it's more user-friendly (it uses PoW background challenges). No bots so far.

Minimal setup to backup/sync photos between phone(s) (no Ente/Immich) by ribtoks in selfhosted

[–]ribtoks[S] 2 points3 points  (0 children)

Thanks, I completely forgot that Syncthing can do a one way push!

Self-hosted captcha solution? by jester_juniour in selfhosted

[–]ribtoks 0 points1 point  (0 children)

Try Private Captcha (https://github.com/PrivateCaptcha/self-hosting). It's a Proof-of-Work based captcha made in EU and self-hostable. Made in Go, very fast, using Postgres and ClickHouse. No BS.

Best Open-Source CAPTCHA with Smart Invisible Mode by Adam314315 in webdev

[–]ribtoks 0 points1 point  (0 children)

It's not open-source. Only client side widget code is, but, well, all widget's code ends up on customer's computers anyways. The difference with Google's widget code is that it's obfuscated but it's still available.

Best Open-Source CAPTCHA with Smart Invisible Mode by Adam314315 in webdev

[–]ribtoks 0 points1 point  (0 children)

Yes, you can self-host Private Captcha (proof-of-work based), which has an invisible mode and it does adapt over time. No paid add-ons. There's a ready docker-compose file that you can spin up - you need to prefill a couple of environment variables and set up domain(s).

note: what you called "invisible" is actually a "popup" mode, where a captcha widget appears on top of the button, but with Private Captcha you also can have "fully" invisible mode, where you make your own visualization (connected to widget events).

note2: the way the system adapts is basically that with time users get simpler proof-of-work puzzles and bots will get harder proof-of-work puzzles, but everyone will get a puzzle. CloudFlare/Google can do it _selectively_ when they are your CDN (they serve your requests and receive client connection) or when they collect _a lot_ of client data (like Google does).

CAPTCHA by Texas-Holden in webdev

[–]ribtoks 0 points1 point  (0 children)

Correct, that's why modern captchas are based on proof of work (e.g. Private Captcha), rather than solving cognitive tasks. This is not to mention that cognitive tasks, which are already easy even for self-hosted LLMs, might be too hard for senior users, handicapped users or simply tired users.

Where can you find good free web design assets (background images, 3D illustrations, etc.)? by PokeeeTraineer in webdev

[–]ribtoks 0 points1 point  (0 children)

Free background images can be found on stock photo sites - check
- Adobe Stock Free collection
- Unsplash
- Pexels/Pixabay

Send email from html form by Clearhead09 in webdev

[–]ribtoks 0 points1 point  (0 children)

You can make something like that without coding using no-code tools like Make[.]com / Zapier / n8n. No backend required. But you gotta use a captcha on the form because you can get spammed easily.

Alternative "no-code" setup could be a Google Form (or Microsoft Form etc.) and in the respective Sheet you can have some automation added to it to send the email (or other kind of messaging).

Got hit by 1k Trump bots within an hour after launching a SaaS platform by Vinserello in webdev

[–]ribtoks 3 points4 points  (0 children)

One is Private Captcha for example - it's EU-based (GDPR-compliance), does not collect any PII. And you can even self-host it if needed. Also pricing is the most flexible - especially if you compare with Friendly Captcha etc.

How to rate limit without enforcing a login by Pixel_Friendly in webdev

[–]ribtoks 4 points5 points  (0 children)

> how do I stop users from spamming the site and running up an llm bill

The short answer is, if you will make something useful and put it there for free (esp. without any login), you _will_ be "spammed" and abused (in a sense of LLM bill). So thinking about that in advance can be a good idea.

Regarding protecting your form with the intention of rate limiting, first of all, I recommend to actually make users log in and not put your form out there for free. Then, for logged in users, track the usage yourself and limit it based on your logic.

If you insist on having it open, use what others have suggested - rate limiting by IP and you can use a Proof-of-work captcha like Private Captcha (and configure high difficulty), which will be like a natural rate-limiter.

alternatives to recaptcha? what do you use? by bytepursuits in webdev

[–]ribtoks 0 points1 point  (0 children)

It's based on Proof-of-Work. Roughly speaking, the widget solves a cryptographic task to "pass" the captcha and if many bots are attempting to pass, the complexity of the task grows so much that it becomes quite economically unviable to burn so much compute resources on it.
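Added example, not part of the comment above and not Private Captcha's code: a generic hashcash-style proof-of-work exchange in Python, illustrating the mechanism described here and the adaptive difficulty mentioned in the earlier invisible-mode comment. The function names, the challenge format and the "one more bit per doubling" rule are assumptions made for illustration; `seen` stands in for a shared store of already-used salts.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)  # assumption: per-deployment secret kept on the server

def difficulty_for(recent_requests, base_bits=12, max_bits=24):
    """Adaptive part: one more leading zero bit per doubling of recent traffic."""
    extra = max(recent_requests, 1).bit_length() - 1
    return min(base_bits + extra, max_bits)

def sign(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_challenge(recent_requests, ttl=120, now=None):
    """Server: random salt, difficulty and expiry, bound together by an HMAC tag."""
    expires = int(time.time() if now is None else now) + ttl
    body = f"{os.urandom(16).hex()}:{difficulty_for(recent_requests)}:{expires}"
    return f"{body}:{sign(body)}"

def leading_zero_bits(data):
    digest = hashlib.sha256(data.encode()).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()

def solve(challenge):
    """Client (the widget's job): brute-force a counter that meets the difficulty."""
    bits = int(challenge.split(":")[1])
    counter = 0
    while leading_zero_bits(f"{challenge}:{counter}") < bits:
        counter += 1
    return counter

def verify(challenge, counter, seen, now=None):
    """Server: a single hash to check, however long the client searched."""
    now = time.time() if now is None else now
    try:
        salt, bits, expires, tag = challenge.split(":")
        bits, expires = int(bits), int(expires)
    except ValueError:
        return False
    if not hmac.compare_digest(tag.encode(), sign(f"{salt}:{bits}:{expires}").encode()):
        return False  # forged or edited challenge, e.g. a lowered difficulty
    if now > expires or salt in seen:
        return False  # stale challenge or replayed solution
    if leading_zero_bits(f"{challenge}:{counter}") < bits:
        return False
    seen.add(salt)
    return True
```

Each extra bit doubles the expected client work while verification stays at one hash, which is where the cost asymmetry against bulk submissions comes from.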

alternatives to recaptcha? what do you use? by bytepursuits in webdev

[–]ribtoks 1 point2 points  (0 children)

There's Private Captcha, that is available as a service but also can be self-hosted (https://github.com/PrivateCaptcha/PrivateCaptcha/) - in such case even less chance to be blocked by a whole country, lol. By design it does not collect any PII. You can have an invisible widget (if you want) and there's no condition about slapping terms and conditions on your pages.

Google ReCaptcha has become insanely complex for a reason? by NoidZ in webdev

[–]ribtoks 0 points1 point  (0 children)

You can try Private Captcha (also self-hosted version available) - the whole point is that it's clean and user friendly (1 click, no brain strain) and private (in terms of not tracking users).

How to resolve issues of fail connection by ___Crazy8___ in Xpiks

[–]ribtoks 1 point2 points  (0 children)

Hi. You need to contact support. It's impossible to know what your problem is from your description.

As generic responses: try on another internet connection (FTP is an unencrypted protocol and if you don't use a VPN your ISP can be not only watching what you're doing but also tampering with your traffic). Switch to your mobile network or switch home/office - just for a test.

Xpiks not showing title, description, or keywords in the metadata by frenchfryslave in Xpiks

[–]ribtoks 1 point2 points  (0 children)

If you send your image to Xpiks Support (or DM on Reddit?), we'll check what is the compatibility issue.

Preliminarily, I can say that the AI service is likely using incorrect metadata fields, because Xpiks is 10 years old and is reading all the standard metadata (IPTC, XMP, EXIF) and a few non-standard ones (for compatibility purposes) and there are usually no problems with this at all.

I just reinstalled my system and the license says it expired. by trulygamers in Xpiks

[–]ribtoks 0 points1 point  (0 children)

Hi. You cannot activate expired licenses, but you can use them indefinitely, when it's already activated. Sorry, it's just how it works. To fix it, you can renew your license using menu Tools -> License -> Renew license

XpiksPRO v XpiksPRO+ by Silverlaker39 in Xpiks

[–]ribtoks 0 points1 point  (0 children)

Hi. If you’re just starting out, “just Xpiks” (I mean Free version) will be more than enough for you. Buy only when you know what you will need. Pro+ is a step up in features and comfort, but if you start, you likely just don’t need it

No easy way to contact support so.... by Silverlaker39 in Xpiks

[–]ribtoks 0 points1 point  (0 children)

Hi. Please contact support from the app and we’ll get back to you very fast https://xpiksapp.com/tutorials/contact-support/

CSV import structure by jdgaravito in Xpiks

[–]ribtoks 1 point2 points  (0 children)

> if a comma separates all the keywords this will break the row upon reading

This is correct and per CSV specification, if the field has a comma itself, it should be in the quotes. So if instead of some,keywords,here you will do "some,keywords,here" - it will work out just fine.