[nycphp-talk] Rate limiters for sign ups for a site.
Ben Sgro
ben at projectskyline.com
Mon Aug 15 10:14:28 EDT 2011
Hello Anthony,
Have you implemented CAPTCHAs?If you have not, that might help curb some of the automated account creation. Also, you could add in an email verification step to the account sign-up process.
Can you give more details on what techniques you've tried and what (if any) framework or libs (cake, zend, etc)
you might be working with.
As far as rate limiting via IP, not sure, but you can imagine how that could lead to DoS for some clients behind a large corporate IP or ISP. I'm not sure what the de facto timeout it is for that sort of setup or how the software should handle it. Does this site receive "high traffic?" or traffic from only one company or subnet? Or is this a site accessible to all?
Good luck!
- Ben
On Aug 15, 2011, at 9:45 AM, Anthony Wlodarski wrote:
> I'm having a problem with spam bots and am currently research how to build an effective rate limiter for our sign up form. Currently I am leaning towards IP based limits (with a certain time criteria). Has anyone ever had problems with this type of rate limit and corporate proxies/firewalls where every user has the same IP address? Also if anyone has any interesting articles about this type of rate/velocity limiting I would be interesting in learning more.
>
> Regards,
> Anthony
>
> --
> Anthony Wlodarski
> Lead Software Engineer
> Get2Know.me (http://www.get2know.me)
> Office: 646-285-0500 x217
> Fax: 646-285-0400
>
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/Show-Participation
More information about the talk
mailing list