I signed up for ReCaptcha via Google and have implemented it
successfully. I was hesitant to use it based on the ease with which it
can be defeated by OCR software but it is getting harder and harder for
bots as well as humans to decipher the images. I am going to seriously
consider (well more like definitely implement but just have to plan it)
email verification. The ReCaptcha is coupled with Zend Framework. I
extended the Zend_Service_ReCaptcha class as I wanted to provide a
custom theme for the class and I do have to say that it is working out
quite well.
I do also see now how IP limiting would definitely lead to DoS for some
clients and the site is accessible to all. I plan to write up how to
extend the Zend class at the end of the day. I'll post a link to my
blog by the end of the day.
-Anthony
On 08/15/2011 10:14 AM, Ben Sgro wrote:
Hello Anthony,
Have you implemented CAPTCHAs? If you have not, that might help curb some of the
automated account creation. Also, you could add in an email verification step
to the account sign-up process.
Can you give more details on what techniques you've tried and what (if any)
framework or libs (cake, zend, etc)
you might be working with.
As far as rate limiting via IP, not sure, but you can imagine how that could lead to DoS
for some clients behind a large corporate IP or ISP. I'm not sure what the de facto
timeout is for that sort of setup or how the software should handle it. Does this site
receive "high traffic?" or traffic from only one company or subnet? Or is this
a site accessible to all?
Good luck!
- Ben
On Aug 15, 2011, at 9:45 AM, Anthony Wlodarski wrote:
I'm having a problem with spam bots and am currently researching how to build an
effective rate limiter for our sign up form. Currently I am leaning towards IP
based limits (with a certain time criteria). Has anyone ever had problems with
this type of rate limit and corporate proxies/firewalls where every user has
the same IP address? Also if anyone has any interesting articles about this
type of rate/velocity limiting I would be interested in learning more.
Regards,
Anthony
--
Anthony Wlodarski
Lead Software Engineer
Get2Know.me (http://www.get2know.me)
Office: 646-285-0500 x217
Fax: 646-285-0400
_______________________________________________
New York PHP Users Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org/Show-Participation
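
Added example, not part of the original thread or of Zend Framework: one way to apply a per-IP velocity limit to a sign-up form without locking out users who share a proxy address is to step up to a CAPTCHA at a low threshold and refuse only at a much higher one. The class name, method name, thresholds and in-memory store are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Class, method and threshold values
// are hypothetical; the in-memory array stands in for a shared store such
// as a cache or a database table.
final class SignupVelocityLimiter
{
    /** @var array<string, int[]> attempt timestamps per client IP */
    private $attempts = [];
    private $window;
    private $softLimit;
    private $hardLimit;

    public function __construct(int $window = 3600, int $softLimit = 3, int $hardLimit = 50)
    {
        $this->window = $window;       // seconds covered by the sliding window
        $this->softLimit = $softLimit; // attempts allowed before a CAPTCHA is required
        $this->hardLimit = $hardLimit; // attempts allowed before sign-up is refused
    }

    /** Records one sign-up attempt and returns 'allow', 'captcha' or 'deny'. */
    public function check(string $ip, int $now): string
    {
        $cutoff = $now - $this->window;
        // Sliding window: keep only attempts newer than the cutoff.
        $recent = array_values(array_filter(
            $this->attempts[$ip] ?? [],
            function (int $t) use ($cutoff): bool { return $t > $cutoff; }
        ));
        $recent[] = $now;
        $this->attempts[$ip] = $recent;
        $count = count($recent);

        if ($count > $this->hardLimit) {
            return 'deny';     // hard ceiling, set high so shared IPs rarely reach it
        }
        if ($count > $this->softLimit) {
            return 'captcha';  // step up instead of locking out the whole IP
        }
        return 'allow';
    }
}

// Constructed sample: five sign-ups from one shared IP (TEST-NET address), 10 s apart.
$limiter = new SignupVelocityLimiter();
$start = 1313416800;
for ($i = 0; $i < 5; $i++) {
    echo $i + 1, ': ', $limiter->check('192.0.2.10', $start + $i * 10), PHP_EOL;
}
// One more attempt from the same IP, two hours later, outside the window.
echo 'later: ', $limiter->check('192.0.2.10', $start + 7200), PHP_EOL;
```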