Il 03/02/2014 19:13, Kevin Smith ha scritto:
On Mon, Feb 3, 2014 at 6:03 PM, Marco Cirillo <mara...@lightwitch.org> wrote:Registration form with a long complex captcha + DEA filter + ip address based throttling, E-Mail verification + 1 Mail Address associated per XMPP account.Some of these (IP throttling, limit per email address) help multiple registrations on a single server, but not farming registrations across the network (not that this makes them bad things).Wards off 99% of Spam Registrations on lightwitch.org alone.Ah, this is good - I don't think anyone else is collecting statistics on how this stuff works (if they are, please share). Do you have a breakdown of how the different preventions contribute to the 99%, and how do you detect the remaining 1% (and gain confidence that there are none not detected)? /K
From what I could observe, Long captcha - around 50%, mainly 70% of automated bot registrationsE-Mail verification - Mainly 30%, This wards off the remaining bots which manage to OCR the captcha but can't deal with verifying E-Mails. DSA Filters + IP Throttling - By 19%, this mainly deals with Human solvers attempting to use DEAs to register spammy addresses.
The remaining 1% usually it's still human solvers either using mail providers e.g. yahoo or gmail, or DEA Services I don't have the "fingerprint of" but it's usually easy enough to catch 'em with periodic log checks and zap 'em therefore.
-- *Marco Cirillo* /LW.Org/LW.Org IM Owner & Head Developer/ /Metronome IM Project Mantainer/Developer/ /Jappix Mantainer/Developer/ http://lightwitch.org
smime.p7s
Description: Firma crittografica S/MIME