Old question, but I thought I’d chime in, as I’ve been maintaining a module for Drupal (Honeypot), which uses the Honeypot spam prevention method alongside a time-based protection (users can’t submit form in less than X seconds, and X increases exponentially with each consecutive failed submission). Using these two methods, I have heard of many, … Read more
Concept By adding a invisible field to your forms that only spambots can see, you can trick them into revealing that they are spambots and not actual end-users. HTML <input type=”checkbox” name=”contact_me_by_fax_only” value=”1″ style=”display:none !important” tabindex=”-1″ autocomplete=”off”> Here we have a simple checkbox that: Is hidden with CSS. Has an obscure but obviously fake name. … Read more
You cannot simply prevent DoS attacks by chaining throttling down to a single IP or username. You can’t even really prevent rapid-fire login attempts using this method. Why? Because the attack can span multiple IPs and user accounts for the sake of bypassing your throttling attempts. I have seen posted elsewhere that ideally you should … Read more