Hacker News new | ask | show | jobs
by shanecleveland 3033 days ago
Agreed. A honeypot worked 100% for me for a long time. I had a bot start to slip through, somehow, so I added an additional layer of protection. I began checking server side for the time between initial request for the page to submit. If less than five seconds, the submission fails. Still a simple idea, but the execution is a little more complex.
1 comments
memco 3033 days ago
I'm sure you probably tested this with your particular needs, but just in case you haven't: five seconds is a long time and there are many forms that can be filled out by humans in less than that. I stepped on my own toes once setting what I considered to be reasonable minimums until I tried to use my own site and found myself getting blocked because I was submitting requests too fast.
link
shanecleveland 3033 days ago
Thank you. Yes. Excellent point. The particular form I needed this for is moderately involved, so I erred on the longer side. I suspect a spambot wouldn't want to intentionally throttle itself, but they may introduce a one- or two-second delay if this becomes common enough. Definitely have to tailor it to the form.
link