Add captcha to prevent spam

We're still getting a lot of spam on GitLab.com

We're done a lot in https://dev.gitlab.org/gitlab/organization/issues/279 but it keeps coming.

I got this from Google:

"User-generated spam detected on http://www.gitlab.com/

To: Webmaster of http://www.gitlab.com/,

Google has detected user-generated content on your site that is either malicious or of no value to Google Search users. This type of content leverages your site’s reputation to promote spam rather than the actual subject matter of your site. Therefore, Google has applied a manual spam action to gitlab.com/adwfvbxnza45s/. This also causes your site’s URLs to appear for queries not related to your actual site content, lowering the quality of search results for Google Search users, and thereby also impacting your site’s reputation and ranking. For that reason, we strongly advise you to remove the spam and file a reconsideration request. After we evaluate your site and determine that you have complied with our guidelines, we will remove this manual action."

I think we should implement https://www.google.com/recaptcha/intro/index.html for creating new non-oauth accounts. The recaptcha credentials can be set on the admin settings page.

/cc @JobV @dzaporozhets

Milestone changed to 8.3

Hope this can make a difference. So far, most of it seems to be posted slowly (manually?). However, this will certainly help in the future.

Should be off and hidden by default.

I do not believe it is manual. It is slow because it is rate limited to prevent detection.

@patricio how do I report group spam https://gitlab.com/groups/zcsde ?

@sytses there is no way to report a group. Just a user. I'll take care of that group now.

Thanks @patricio

This was implemented in !2216 (merged) and !2231 (merged) and was rolled out in GitLab 8.3.2 today.

Status changed to closed

mentioned in issue #5573 (moved)