On Fri, Mar 1, 2013 at 9:59 PM, Marco Cirillo <[email protected]> wrote: > expecially to the "high usage" ones (possibly more, > those with unprotected IBR)... Did you actually ever make a census of how > many of your concurrent users are actual human beings..?
It's not immediately clear to me how one would reliably do this - do you have any suggestions? > Finally, moving forward on the "how to protect account registration", > there're several very effective measures one of which is CAPTCHA (and that > needs to be done right, implementations like ejabberd's .. just aren't > appropriate ..) but alone that doesn't do it obviously, you should put some > more verification layers after that. I personally employ a long-strict > captcha on the site form, plus an additional e-mail token verification and > several timeframe checks (e.g. the user has to verify the account within 5 > minutes and has to do some copy & pasting...). This sounds very thorough (and entirely reasonable). Is your setup for doing this generally available so other servers could take advantage of similar systems? /K
