I am developing system like cloud CMS. So there are a lot of abilities to spam and i need to prevent it.
I tried to find some good practices but no luck.
And i figured it out..
So we need to make "fingerprint" of visitor by some uniq param that we don't store on client. (basically it's ip) Than every request to api server we register in Database (or cache store) and calculate request per seconds of that client. If it's more than some const we block request before he proof that he is real user (captcha).
Is't good idea? Or is there any better practices?
Aucun commentaire:
Enregistrer un commentaire