On 2014-12-03 8:35 PM, Robert Rohde wrote:
However, captchas might be useful if used in
conjunction with simple
behavioral analysis, such as rate limiters. For example, if an IP is
creating a lot of accounts or editing at a high rate of speed, those are
bad signs.
Don't we already do rate limiting by IP for account creation? In
fact I
seem to recall we have a page where people have to ask for temporary
whitelisting of IPs like those used at a hackathon's Wi-Fi point where
large numbers of users legitimately sign up.
I'm pretty sure the users making large amounts of malicious accounts use
a bunch of proxies so they don't have to worry about rate limits.
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [
http://danielfriesen.name/]