this post was submitted on 29 Jun 2023
140 points (100.0% liked)
Moving to: m/AskMbin!
18 readers
5 users here now
### We are moving! **Join us in our new journey as we take a new direction towards the future for this community at mbin, find our new community here and read this post to know more about why we are moving. Thank you and we hope to see you there!**
founded 1 year ago
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
As someone who works in IT Security, the captchas are a necessary evil at this point. Without captchas, sites get slammed with millions invalid or malicious requests every hour. The sites I work with will see error traffic spike 3000% or more from credential stuffing attacks alone. These attacks are so highly distributed that simple IP tracking and banning all but ineffective anymore. And about 99.99% of the malicious traffic comes from VPNs and hosting providers. Unfortunately botnets and the people that run them are getting smarter and smarter about constructing the traffic to avoid bot detection.
tldr; the most effective tool to keep a site up and running and accounts secure is unfortunately captchas for VPN users.
My ISP puts us behind country wide CGNATs. So if a site bans an IP it's possible they'll turn the lights out for a whole region.