There is no Captcha, but here's what I do to secure my server.
Step 1: Get a dynamic DNS address
Step 2: add your dynamic DNS hostname to /etc/csf/csf.dyndns
Step 3: Remove ports 2030,2031, 2086, 2087 from TCP_IN/TCP6_IN in /etc/csf/csf.conf
Restart the Firewall.
By being in the dyndns, you are able to bypass the firewall completely, so you have access to those ports, so they do not need to be open to the public.