No perfect solution exists, but the following may help.
1) Parse the logs of your web application and ban any IP that attempts
to create multiple accounts. Not great because you may have multiple
users sharing the same public IP. It only works ok if you automate it
via cronjob scripts.
2) Require the user to provide an external means of identification (such
as an email address or a phone number) whose existence must be verified
before his account is activated. Not great because bots may use
disposable addresses/numbers, it delays the activation for legitimate
users, and it requires more effort to implement than 1).
3) Alternative captchas. If your site is not that big of a target, you
can get away with some naive captcha (such as Captcheck) without
annoying your users too much. The problem is (as you have already
noticed) naive captchas are not that hard to break for persistent bots;
meanwhile complex captchas are bad for users. Maybe try different
captcha solutions until you find one that sticks.
Martin wrote:
> But what useful methods exist that prevent spamming an HTML signup form
> from stuffing the database with useless signups?
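
A sketch of option 1, added here as an example and not part of the original post: a script a cron job could run over the access log to list IPs that submit the signup form too often within a time window. The combined log format, the `/signup` path, the threshold and the window are all assumptions, and the sample log lines are constructed.

```python
import re
import sys
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values (not from the original post); tune to your own site.
SIGNUP_PATH = "/signup"          # hypothetical signup endpoint
MAX_SIGNUPS = 3                  # allow a few, since users may share one public IP
WINDOW = timedelta(minutes=10)

# Matches the start of an Apache/nginx "combined" access log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"'
)

# Constructed sample log (documentation IP ranges), including one malformed line.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "POST /signup HTTP/1.1" 302 0
203.0.113.7 - - [10/Mar/2024:12:00:05 +0000] "POST /signup HTTP/1.1" 302 0
198.51.100.20 - - [10/Mar/2024:12:01:00 +0000] "POST /signup HTTP/1.1" 302 0
203.0.113.7 - - [10/Mar/2024:12:00:09 +0000] "POST /signup?ref=x HTTP/1.1" 302 0
203.0.113.7 - - [10/Mar/2024:12:00:14 +0000] "POST /signup HTTP/1.1" 302 0
198.51.100.20 - - [10/Mar/2024:12:02:00 +0000] "GET /signup HTTP/1.1" 200 512
this line is not a log entry
198.51.100.20 - - [10/Mar/2024:12:30:00 +0000] "POST /signup HTTP/1.1" 302 0
""".splitlines()

def flag_signup_abusers(lines, max_signups=MAX_SIGNUPS, window=WINDOW):
    """Return {ip: peak signup POSTs seen inside one window} for IPs over the limit."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue              # skip malformed lines and non-submissions
        if m["path"].split("?", 1)[0] != SIGNUP_PATH:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) > max_signups:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

if __name__ == "__main__":
    # With a log path argument, scan that file; otherwise scan the sample.
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    for ip, count in sorted(flag_signup_abusers(lines).items()):
        print(ip, count)          # feed this list to your ban mechanism
```

The script only reports candidates; keeping the threshold above 1 and the window short limits false positives for users behind a shared address.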