marcus Posted July 3, 2014 Share Posted July 3, 2014 Haven't found the the time to look into this in detail – but it sounds interesting at first glance (and maybe PW-module-worthy). https://hashcash.io/ - by making user's browser solve math you will limit the amount of spam, secure your site against brute force attacks Any expericences? Link to comment Share on other sites More sharing options...
dragan Posted July 3, 2014 Share Posted July 3, 2014 I don't get it. It's way too slow. Who wants to wait 10-15 seconds until you can proceed with a form? I'm not saying captchas are better, but this surely isn't the final solution to stop spammers / brute-force attacks either. Also, when using a bogus email-address @ http://wpdemo.hashcash.io/ it didn't detect it as such. Link to comment Share on other sites More sharing options...
marcus Posted July 3, 2014 Author Share Posted July 3, 2014 When I was testing it, the django demo took about 3 - 4 seconds, which could be acceptable in some situations. Solving a captcha would at least take the same amount of time, but would bear the potential of errors. 10 - 15 s is way too much, I agree. Link to comment Share on other sites More sharing options...
LostKobrakai Posted July 3, 2014 Share Posted July 3, 2014 I don't get it, too. Sounds a bit like using your viewers as bitcoin mines. Nothing I wanted a website to do on my computer. Quite as unpleasent as recaptcha is using it's users to identify housenumbers for google. Link to comment Share on other sites More sharing options...
pkaroukin Posted July 6, 2014 Share Posted July 6, 2014 10-15 seconds is adjustable. This is default settings. You can make it smaller or bigger depending on amount of spam or attacks your are getting. Setting it to very small value will still deter many bots who do not run Javascript at all. Now regarding waiting. Just registering on this forum to answer in this topic I had to answer question, enter reCaptcha and wait for validation mail. both took definitely more than 15 seconds. I would say it make sense to set complexity (i.e. amount of work necessary) dynamically based on what form is that (i.e. make it harder on registration form,) what is user level on forum is (if they have many posts - make complexity minimum or remove it altogether,) etc. I just started this project and gathering feedback. I am already implementing some features people asked for, so feel free to ask questions please As for bitcoin mining - you are very close. It is actually dogecoin proof-of-work. Basically idea is that each interaction you do with website cost you something. Once I understand that each interaction I do comes with cost - I would think twice before posting junk. And obviously it makes job of bots even more expensive, since they need to post tons of spam to get their rankings/leads/subscriptions. Anyway, if someone have questions - I am always available at pavelkaroukin@gmail.com 1 Link to comment Share on other sites More sharing options...
Recommended Posts