I want to implement a solution to limit the number of Website Joins that can be made by one user. I thought of tracking IP address but these are too generic now.

I'm now looking to set a cookie and increment for each join and then block joins at say 5 from one machine per day. Does anyone have any thoughts around this being a good/poor idea?

use something like:

setcookie("w3resource", $cookie_value, time()+3600, "/home/your_usename/", "example.com", 1, 1);  

Is this a fair way to try to prevent automated account creations?

Then apart from a captcha (can anyone recommend one that is hard to break) what other measures could I use to prevent automated account creation?

thx

Andy
Adam
  • What happens when the user clears their cookies... this system would be very easy to bypass and going with IP would be a better solution – Josh Kirkpatrick Jun 23 '15 at 09:26
  • Restricting people to 5 pageviews a day is a very strange thing to do tbh, you want as many page views as you can get per day, no? Google has a nice captcha system which doesn't even require user input, just a button click. Thought I heard it was tough to crack. https://www.google.com/recaptcha/intro/index.html – Gerton Jun 23 '15 at 09:27

1 Answer

You are basically trying to rate limit access to your web application. There is a nice article on codinghorror.com showcasing the different options you have to rate limit.

Getting more technical, you have to decide whether you want rate limiting to be done by your web server or by your own implementation.

If you roll your own solution, I'd recommend having stacked rate limits. E.g. 5 sign up attempts per minute, if exceeded 20 per hour, if exceeded 30 per day, etc. Here's a simple algorithm (albeit it's written in Python) that should get you going.

Fabian Kleiser
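
The stacked limits described in the answer (5 per minute, 20 per hour, 30 per day), as an added example that is not part of the original answer or the article it links to: a sliding-window limiter whose counters live on the server, so clearing cookies does not reset them. The class name, the in-memory store and the choice of client key (for example the IP address) are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

# Tiers from the answer: (window in seconds, max sign-ups inside that window).
TIERS = ((60, 5), (3600, 20), (86400, 30))


class StackedRateLimiter:
    """Sliding-window limiter; an attempt must pass every tier to be allowed."""

    def __init__(self, tiers=TIERS, clock=time.time):
        self.tiers = tiers
        self.clock = clock  # injectable so the limiter can be tested without sleeping
        self.longest = max(window for window, _ in tiers)
        # Assumption: in-memory store. Several web workers would need a shared store.
        self.events = defaultdict(deque)  # client key -> timestamps of allowed sign-ups

    def check(self, key):
        """Return (allowed, retry_after_seconds) for one sign-up attempt by `key`."""
        now = self.clock()
        stamps = self.events[key]
        # Drop timestamps that have left even the longest window.
        while stamps and stamps[0] <= now - self.longest:
            stamps.popleft()
        retry_after = 0
        for window, limit in self.tiers:
            recent = [t for t in stamps if t > now - window]
            if len(recent) >= limit:
                # Blocked until the oldest counted event leaves this window.
                oldest_counted = recent[len(recent) - limit]
                retry_after = max(retry_after, oldest_counted + window - now)
        if retry_after > 0:
            return False, retry_after  # rejected attempts are not recorded
        stamps.append(now)
        return True, 0


if __name__ == "__main__":
    limiter = StackedRateLimiter()
    for attempt in range(1, 8):
        # 203.0.113.7 is a constructed documentation address, not real traffic.
        print(attempt, limiter.check("203.0.113.7"))
```

`retry_after` can be sent back as a `Retry-After` header with an HTTP 429 response.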