Y
Hacker News
new
|
ask
|
show
|
jobs
by
colejohnson66
1747 days ago
But how do you distinguish an abnormal traffic spike (HN hug-of-death) vs a botnet? Cloudflare’s solution is a CAPTCHA, but are there better options?
3 comments
jgrahamc
1747 days ago
Cloudflare's solution is
not
a CAPTCHA. We have a ton of stuff going on that detects bots. CAPTCHAs are a small part of the tools we use.
https://blog.cloudflare.com/cloudflare-bot-management-machin...
link
colejohnson66
1747 days ago
Sorry. I didn’t mean to imply that you don’t have anything but CAPTCHAs. My wording could’ve been better.
link
geitir
1747 days ago
Do you have a scraper that looks for mentions of Cloudflare or did you just happen upon this?
link
jgrahamc
1747 days ago
Yeah. I use something like this:
https://github.com/jgrahamc/hncomments
Although I really need to commit the final version as that one isn't quite what I use.
link
mleonhard
1747 days ago
Cloudflare uses CAPTCHA to drive away proxy users. Privacy conflicts with Cloudflare's endgame of profiling every Internet user and then monetizing that data.
link
smasher164
1747 days ago
An attack-resistant trust metric? Although I haven’t seen them used against denial of service attacks.
link
aj3
1747 days ago
Generally you don't. Just be prepared to scale resources and handle everyone.
link