|
|
|
|
|
|
by kuasha
4809 days ago
|
|
|
Thanks. CAPTCHA/CSRF is not an option since it is meant to be an API called from applications. As a precaution make a phone call to verify the user. That guy went through all the things and theoretically we can actually track him down(costly though). I have blacklisted the phone- question is how many phone numbers do he have :). Added a per day free call limit to stop this for future attempts. |
|
|