Sometimes users spam by creating tons of fake accounts from an IP address, or entering in a fraudulent credit card. In both cases, telling the spammer that the IP address or card is fraudulent will lead them to immediately try the next card/change IP addresses and exacerbate our problem.
What's an error message we can give to spammers in situations like this? Are there any examples from the Web of ways to handle this in a good way?
Answer
Prevent them from automating these kinds of input with a CAPTCHA or similar puzzle that requires the attention of a human. You want to catch them before they get as far as they are now, so you don't have to deal with all the superfluous nonsense data in your system in the first place. And then you won't have to show them an error message.
One solution that works quite well is showing them a few pictures of dogs and one of a cat and then asking them to identify the cat. If whoever it is is a robot, they'll fail this quickly. If they're a human, you can ramp up the complexity of this challenge by, for instance, including math problems like "what is 3*9".
If they fail the challenge, reload the page but increase the time it takes to load the page by a factor of two. So the first time they wait 1 second, then they wait 2, then they wait 4, etc. Eventually the page will take so long to load that continuing to fill in the form will be impractical and they'll move on.
Summary takeaway: make it incredibly unattractive for them to input this spam data. Spammers are running businesses too and they're not going to waste time and money on an unprofitable venture.
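The doubling delay described in the answer above, sketched server-side as an added example that is not part of the original answer. The class name `ChallengeBackoff`, the delay cap, the forget window, the client limit and keying on the client IP are all assumptions made for illustration.

```python
import time
from collections import OrderedDict

class ChallengeBackoff:
    """Delay per client that doubles with each failed challenge: 1s, 2s, 4s, ..."""

    def __init__(self, base=1.0, cap=300.0, forget_after=3600.0,
                 max_clients=100_000, clock=time.monotonic):
        # cap, forget_after and max_clients are assumptions, not from the page.
        self.base, self.cap = base, cap
        self.forget_after, self.max_clients = forget_after, max_clients
        self.clock = clock
        self._fails = OrderedDict()  # client key -> (failures, time of last failure)

    def _live(self, key):
        """Return (failures, last_failure_time), dropping stale entries."""
        now = self.clock()
        count, last = self._fails.get(key, (0, now))
        if now - last > self.forget_after:
            self._fails.pop(key, None)
            return 0, now
        return count, last

    def delay_for(self, key):
        count, _ = self._live(key)
        if count == 0:
            return 0.0
        # Clamp the exponent so a huge failure count cannot raise OverflowError.
        return min(self.cap, self.base * 2 ** min(count - 1, 32))

    def record_failure(self, key):
        count, _ = self._live(key)
        self._fails[key] = (count + 1, self.clock())
        self._fails.move_to_end(key)
        while len(self._fails) > self.max_clients:  # bound memory under IP churn
            self._fails.popitem(last=False)
        return self.delay_for(key)

    def record_success(self, key):
        self._fails.pop(key, None)

    def retry_allowed(self, key):
        """True once the client has waited out its current delay."""
        count, last = self._live(key)
        return count == 0 or self.clock() - last >= self.delay_for(key)
```

Checking `retry_allowed` when the form is submitted and rejecting early requests enforces the wait without holding a server worker in a sleep.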