Could forum.dlang.org remember how many captchas I filled out?
cy via Digitalmars-d
digitalmars-d at puremagic.com
Tue May 24 09:36:36 PDT 2016
On Tuesday, 24 May 2016 at 12:59:39 UTC, Basile B. wrote:
> One thing that could be done is to disable the spam checker
> when the user is registered. As a counter part registering must
> be very strong: image capcha + text capcha + guess the code
> result + ?
Yes, that's the reason the spam checker shouldn't just be
disabled when the user is registered. But what can be done is
adding a counter of every time a captcha is filled out correctly.
Once they've done that enough, no prompt to guess the code again.
Then you wouldn't have to arbitrarily decide what a "strong"
challenge is and just hope that it's solvable, and nobody
circumvents it. Instead, you could continue to challenge them
after registering, and you can record their success in stages.
There's other tricks you can use to make life harder for
spammers. Tracking how long people have had their accounts for
instance, and only showing captchas and limiting post rate to new
accounts. Spammers would, of course, cache up a million unused
accounts then, and start firing them once they're old enough. But
you can measure how often they've posted, and combine that with
account age to get a good idea.
You can use stronger captchas too, and more difficult to solve
puzzles, if people won't keep being asked to solve them beyond a
certain point. Even if spammers turn their supercomputers and
south asian sweatshop workers to solving your captchas, making it
harder for them costs them money and power, and all you have to
do is make it not worth the trouble before they'll either run out
of money, or go away.
More information about the Digitalmars-d
mailing list