On Thu, Mar 28, 2013 at 11:32 PM, Dan Fisher <danfisher261(a)gmail.com> wrote:
Here's one idea: If a
certain IP address fails the captchas a specified number of times in 5
minutes or so, it should be banned temporarily for say, 24 hours (through
htaccess or firewall etc).
Humans regularly get CAPTCHAs wrong, and they often do so multiple times
(if you have any elderly relatives, feel free to see how many tries it
takes them to solve a reCAPTCHA one). Blocking them from even viewing your
site for a day seems a little extreme.
Is there an actual problem you're trying to solve here? Is there any
indication that spam bots are affecting your site's performance? If not,
worrying about this is probably a waste of your time.