Yes, I have Register, Contact Us, and Recover Lost Password checked.
In the past 20 hours, there have been 135 blocked attempts. The majority of the times are still below 2 seconds, but a couple were edging up towards the 15-second mark.
This morning, I increased the time difference to 30 seconds. A few minutes ago, one blocked attempt had a time difference of 16 seconds:
I hope some of the bots are not catching on and intentionally adding a delay to the process in an attempt to get past the time limit. Am I giving them/it too much credit?
As much as I like the email notices, I am going to see if I can modify the code to add a PHP function that writes the information to a log file. I have never programmed in PHP, but I used to be good at C several decades ago.
The entire point of using bots is speed. I would be a little surprised if botnet admins started programming long delays between filling out the form and clicking submit. It sort of defeats the purpose of using bots.
It would have to be a pretty long delay - page load times are a factor in this, and sometimes with some of the really bad proxies these bots are on, page load time can be really slow. Add to that, there is no way for the botnet admin to determine what your time differential setting is.
I'll be curious to see if your 30 second setting catches any humans, I fear it might. Please update us with that. Increasing the time is far preferable to reducing it - reducing it only helps the bots.
11-19-2012, 04:43 PM
Threaded Mode