PHP Cookie to Track/Limit Website Joins (Preventing Automated Account Creation)


I want to implement a solution to limit the number of Website Joins that can be made by one user. I thought of tracking IP address but these are too generic now.

I'm now looking to set a cookie and increment for each join and then block joins at say 5 from one machine per day. Does anyone have any thoughts around this being a good/poor idea?

use something like:

setcookie("w3resource", $cookie_value, time()+3600, "/home/your_usename/", "example.com", 1, 1);  

Is this a fair way to try to prevent automated account creations?

Then apart from a captcha (can anyone recommend one that is hard to break) what other measures could I use to prevent automated account creation?

thx


There are 1 answers

Fabian Kleiser On BEST ANSWER

You are basically trying to rate limit access to your web application. There is a nice article on codinghorror.com showcasing the different options you have to rate limit.

Getting more technical, you have to decide whether you want rate limiting to be done by your web server or by your own implementation.

If you roll your own solution, I'd recommend having stacked rate limits. E.g. 5 sign up attempts per minute, if exceeded 20 per hour, if exceeded 30 per day, etc. Here's a simple algorithm (albeit it's written in Python) that should get you going.
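
The stacked limits described in the answer (5 per minute, 20 per hour, 30 per day), as an added example that is not part of the original answer or of the algorithm it links to. It is written in Python, like the algorithm the answer mentions, and keeps its counters on the server; the class name, the injectable clock and the key (a client IP string here) are assumptions.

```python
import time
from collections import defaultdict, deque

# Tiers taken from the answer: (max sign-up attempts, window in seconds).
TIERS = [(5, 60), (20, 3600), (30, 86400)]


class StackedRateLimiter:
    """Sliding-window limiter that enforces every tier at the same time.

    State is held server-side, keyed by whatever identifier the caller
    passes in (hypothetical here: a client IP string).
    """

    def __init__(self, tiers=TIERS, clock=time.time):
        self.tiers = sorted(tiers, key=lambda t: t[1])
        self.clock = clock                  # injectable so tests can control time
        self.longest = self.tiers[-1][1]
        self.events = defaultdict(deque)    # key -> timestamps of allowed attempts

    def check(self, key):
        """Return (allowed, retry_after_seconds); allowed attempts are recorded."""
        now = self.clock()
        log = self.events[key]
        # Forget attempts that are older than the longest window.
        while log and log[0] <= now - self.longest:
            log.popleft()
        retry_after = 0
        for limit, window in self.tiers:
            recent = [t for t in log if t > now - window]
            if len(recent) >= limit:
                # This tier frees up when its limit-th newest attempt ages out.
                retry_after = max(retry_after, recent[-limit] + window - now)
        if retry_after > 0:
            return False, retry_after
        log.append(now)
        return True, 0
```

Process memory is not shared between web workers, so a deployment with several workers would keep the timestamps in a shared store instead of the in-memory dictionary used here.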