Deleted

  • SirEDCaLot@lemmy.fmhy.ml
    link
    fedilink
    English
    arrow-up
    8
    ·
    1 year ago

    I’d do a few things.

    First, make signing up computationally expensive. Some javascript that would have to run client side, like a crypto miner or something, and deliver proof to the server that some significant amount of CPU power was used.

    Second, some type of CAPTCHA. ReCaptcha with the settings turned up a bit is a good way to go.

    Third, IP address reputation checks. Check IP addresses for known spam servers, it’s the same thing email servers do. There’s realtime blacklists you can query against. If the client IP is on them, don’t allow registration but only allow application to register.

    • Spzi@lemm.ee
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      make signing up computationally expensive. Some javascript that would have to run client side, like a crypto miner or something, and deliver proof to the server that some significant amount of CPU power was used.

      Haha, I like this one! Had to strike a balance between ‘make it annoying enough to deter bots’ and ‘make it accessible enough to allow humans’. Might be hard, because people have vastly different hardware. Personally, I probably would be fine waiting for 1s, maybe up to 5s. Not sure if that is enough to keep the bots out. As far as I understand, they would still try (and succeed), just be fewer because signup takes more time.

      I also like the side-effect of micro-supporting the instance you join with a one time fee. I expect haters to hate this quite a lot though.

      • SirEDCaLot@lemmy.fmhy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Doesn’t have to be a crypto miner. Just has to be any sort of computationally intense task. I think the ideal would be some sort of JavaScript that integrates that along with the captcha. For example, have some sort of computationally difficult math problem where the server already knows the answer, and the answer is then fed into a simple video game engine to procedurally generate a ‘level’. The keyboard and mouse input of the player would then be fed directly back to the server in real time, which could decide if it’s actually seeing a human playing the correct level.

    • animist@lemmy.one
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I like the first two ideas but a problem with the third is most lemmy users are gonna be techies who probably use a VPN which means they’ll have to cycle through a few nodes before getting one that works (if they even realize that’s where the problem lies)

      • SirEDCaLot@lemmy.fmhy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        VPN endpoints would not necessarily have low IP reputation. A VPN provider that allows its users to spam the internet is probably not a good one anyway. And besides, that would not inhibit registration, it would just make users fill out a form to apply so the server operator would have to go through and approve it.