
Downtime due to sign up spam

source link: https://blog.cachix.org/posts/2023-02-19-downtime-due-to-signup-spam/

February 19, 2024 • Domen Kožar

At around 2am last night, I got woken up by a PagerDuty call due to our database being unresponsive.


I immediately restarted the database and it was back up in a few minutes.

While waiting for the database to come back up, I noticed that our sign ups were being overwhelmed with spam.


The usual approach to this problem is to add a CAPTCHA. Since we’re already using a honeypot, it felt like a natural next step.

Another approach is to rate limit on the server side, but that would degrade the user experience for legitimate users.

That’s when it clicked for me that we have to make the client-side request expensive for the spammer.

We’ve released and deployed elm-hashcash with the simplest implementation: appending a counter to the email address and checking if the SHA-256 of it has a certain number of leading zeros (difficulty).
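The scheme described above, sketched as an added example; this is not code from elm-hashcash or Cachix. It shows the cost asymmetry: the client searches about 2^difficulty hashes on average, while the server checks one. Assumptions: the email and decimal counter are concatenated directly as UTF-8, difficulty is counted in leading zero bits, and the function names and `MAX_DIFFICULTY` cap are hypothetical.

```python
import hashlib

MAX_DIFFICULTY = 32  # assumed server-side cap on the accepted difficulty value


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the start of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def stamp_digest(email: str, counter: int) -> bytes:
    # Assumed encoding: UTF-8 email followed directly by the decimal counter.
    return hashlib.sha256(f"{email}{counter}".encode("utf-8")).digest()


def mint(email: str, difficulty: int) -> int:
    """Client side: brute-force the first counter that meets the difficulty."""
    counter = 0
    while leading_zero_bits(stamp_digest(email, counter)) < difficulty:
        counter += 1
    return counter


def verify(email: str, counter, difficulty: int) -> bool:
    """Server side: a single hash, however long the client had to search."""
    # Reject anything that is not a plain non-negative integer before hashing.
    if isinstance(counter, bool) or not isinstance(counter, int) or counter < 0:
        return False
    if not 0 <= difficulty <= MAX_DIFFICULTY:
        return False
    return leading_zero_bits(stamp_digest(email, counter)) >= difficulty


if __name__ == "__main__":
    email = "user@example.com"  # constructed sample input
    difficulty = 16             # about 2**16 hashes on average to mint
    counter = mint(email, difficulty)
    print(counter, stamp_digest(email, counter).hex())
    print("accepted:", verify(email, counter, difficulty))
    print("same counter, other address:", verify("other@example.com", counter, difficulty))
```

Because the email is part of the hashed input, a counter found for one address does not carry over to another, so each spam sign-up has to pay for its own search.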

Happy spamming, Domen

