|
|
|
|
|
|
by remram
563 days ago
|
|
|
Agree on the first part, but for the second... I think it depends on what your threat model is. If you want to stop a dedicated attacker ready to spend time to attack your site, it won't work, but nothing will. If you want to stop a generic bot going over the internet and submitting all forms it finds with spam, this will work, and might even work better than wide-spread solution for which the bot has a countermeasure. It has the advantage of being novel for the user rather than doing the same Google/Cloudflare/... CAPTCHA for the 10th time that day. |
|
|