SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Addict
    Join Date
    Sep 2011
    Posts
    266
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Show After 3 Failed Attempts

    Hi, i have noticed that Twitter and Facebook both have a good system in place on some of their forms.

    For example, if a user fails to enter their correct details in to the Sign In Form 3-4 times, a reCaptcha shows.

    I also noticed that the reCaptcha shows on the Sign Up Form after it detects suspicious activity...

    Can anyone think how they might have implemented this system, as i really don't want to display a reCaptcha form my default... i would rather only display it if there was suspicious activity.

    (please do not respond saying that captchas are a waste of time etc... i am simply only interested in finding out how Twitter and Facebook are implementing captchas when they detect something suspicious :-)

    Thanks in advance for your help...

  2. #2
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    I'd guess they are probably doing something equivalent to storing the attempt in a PHP Session variable.

    1st result from this query gets me a discussion on that: 3 strikes and you are out PHP session.

  3. #3
    SitePoint Addict
    Join Date
    Sep 2011
    Posts
    266
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks, don't see much on google on this

  4. #4
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Try this direct link then, I don't like linking directly out to other forums, but cannot find a good match on SP.

  5. #5
    SitePoint Addict
    Join Date
    Sep 2011
    Posts
    266
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Cool, thanks, that is fine for signing in... how would you handle the sign up, thanks again for your help...

  6. #6
    SitePoint Addict
    Join Date
    Sep 2011
    Posts
    266
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I was thing of doing the following:

    When validating the sign-up form, check to see if an account has been created from the same ip address within the last minute (or less)… if it has, fail the validation and display a captcha

  7. #7
    SitePoint Addict kduv's Avatar
    Join Date
    May 2012
    Location
    Maui, HI
    Posts
    211
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Yeah, that's not an easy question to answer. I don't think it has one "golden solution". It really depends on what you consider suspicious.

    Multiple accounts from the same IP, free email providers, registration from common "spam countries", throwaway email addresses, etc. Just figure out what you consider to be "suspicious" and go from there.
    Keith
    Freelance web developer
    http://www.duvalltech.com/


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •