Re: Rate limit the httpd web server for signup requests

2024-06-13 Thread Crystal Kolipe
On Tue, Jun 11, 2024 at 10:41:33PM +, Martin wrote: > But what useful methods exists that prevent spamming a HTML signup form > from stuffing the database with useless signups? > > Naturally the accounts that haven't been validated one way or another > gets deleted, but the initial signup is a

Re: Rate limit the httpd web server for signup requests

2024-06-13 Thread Chris Bennett
On Thu, Jun 13, 2024 at 04:30:27AM -0700, Paul Pace wrote: > On 6/12/24 10:32 PM, Chris Bennett wrote: > > It's not perfect, but I have a long list of regexes that I know are spam > > that I have my Perl code that processes the form block. Trying to block > > from a log is not very helpful. It can

Re: Rate limit the httpd web server for signup requests

2024-06-13 Thread Paul Pace
On 6/12/24 10:32 PM, Chris Bennett wrote: It's not perfect, but I have a long list of regexes that I know are spam that I have my Perl code that processes the form block. Trying to block from a log is not very helpful. It can let through thousands of the same spam attempts before the log catches

Re: Rate limit the httpd web server for signup requests

2024-06-12 Thread Chris Bennett
On Tue, Jun 11, 2024 at 10:41:33PM +, Martin wrote: > I already do some rate limiting with stateful tracking options for PF, > which works really great for the stuff I use it for. > > I also use block lists of known bad IP addresses etc. > > But what useful methods exists that prevent spammin

Re: Rate limit the httpd web server for signup requests

2024-06-12 Thread Dan
Jun 12, 2024 00:56:47 Martin : > A simple CAPTCHA reduces some of the irrelevant noise, but the more > sophisticated bots solves the CAPTCHA. > > Using Cloudflare's or Google's CAPTCHA is frowned upon by the real > users, which I fully understand. > > So I was wondering, if some other clever metho

Re: Rate limit the httpd web server for signup requests

2024-06-12 Thread Rubén Llorente
No perfect solution exists, but the following may help. 1) Parse the logs of your web application and ban any IP that attempts to create multiple accounts. Not great because you may have multiple users sharing the same public IP. It only works ok if you automate it via cronjob scripts. 2) Re

Re: Rate limit the httpd web server for signup requests

2024-06-11 Thread Paul Pace
On 2024-06-11 15:41, Martin wrote: I already do some rate limiting with stateful tracking options for PF, which works really great for the stuff I use it for. I also use block lists of known bad IP addresses etc. But what useful methods exists that prevent spamming a HTML signup form from stuff

Rate limit the httpd web server for signup requests

2024-06-11 Thread Martin
I already do some rate limiting with stateful tracking options for PF, which works really great for the stuff I use it for. I also use block lists of known bad IP addresses etc. But what useful methods exists that prevent spamming a HTML signup form from stuffing the database with useless signups