Ever heard of counting attempts? Log the IP, present a CAPTCHA after 100 requests in a minute.
Besides, if I wrote a bot I would run a browser dialer from Chrome. It would request your site in a Chrome tab and appear completely legitimate to your stupid fingerprinting scripts
Yeah, it’s fine as long as you don’t block legitimate users. For example, when I use a VPN a lot of sites block me. Even when my actual IP is banned when I’m in China (4chan range bans Chinese IPs) or the website is blocked in China.
Ever heard of counting attempts? Log the IP, present a CAPTCHA after 100 requests in a minute.
Besides, if I wrote a bot I would run a browser dialer from Chrome. It would request your site in a Chrome tab and appear completely legitimate to your stupid fingerprinting scripts
Yes, the industry is well aware of this. We do behavioral detection on both sessions and IPs. This is fairly basic.
Yeah, it’s fine as long as you don’t block legitimate users. For example, when I use a VPN a lot of sites block me. Even when my actual IP is banned when I’m in China (4chan range bans Chinese IPs) or the website is blocked in China.