When you’re running community-driven website sooner or later you will have to fight back spammers. There can be different kind of spammers, but the main question here is – how do we stop them from flooding your precious site?
Few days ago I noticed huge spike in users registration count, apparently some ‘seo’ agency (quote indented) decided that website I’m running is a great place for new backlinks directory ;–).
I’m running devise with obligatory email confirmation, so that’s the first gate you have to pass. Let’s say you don’t have to confirm your account, what are the other options here? Obviously captcha comes to mind. You can go and try good (?) old reCAPTCHA, but personally I’m not a big fan of it. You can get some great results with something similar to Negative Captcha that is 100% transparent to the user.
If that won’t help I recommend using some heavy artillery – rack-attack. It’s a rack middleware that can be a great help in those situations. Let’s go over few common cases here:
- spam is coming from few IP addresses, maybe a IP range or something, it’s should be quite easy to block with this formula (first see usage notes):
1 2 3
- you can’t filter traffic based on IP, but spammers are hitting your sign up page pretty hard – let’s blacklist too many sign up attempts
1 2 3 4 5 6
- still not good? Try limiting requests per seconds – just be sure to set this accordingly to your app (traffic you’re getting, amount of ajax requests etc.)
1 2 3 4
Good luck and may the Force be with you ;–).