Tuesday, June 11, 2024

Re: Rate limit the httpd web server for signup requests

Jun 12, 2024 00:56:47 Martin <iio7@protonmail.com>:

> A simple CAPTCHA reduces some of the irrelevant noise, but the more
> sophisticated bots solve the CAPTCHA.
>
> Using Cloudflare's or Google's CAPTCHA is frowned upon by the real
> users, which I fully understand.
>
> So I was wondering, if some other clever method can reduce the noise?


Testing and knowing all the possible solutions to fight "3rd kind intelligence spammers"
seems a little overwhelming to me; it appears to me like the story of searching for a firewall that solves
every security problem. Indeed, just consider that a parameter of curl allows you to simulate any
post submission. And the problem eventually could be exactly this, the why of the existence
of these advanced client tools. [ ... ]

For now, I just implemented my own captcha asking to solve a simple math problem, and that
eventually can be enriched for future research. Some simple PHP code, easy stuff, happy to share it.

-Dan
