

Review our idea: ip-address tracker for web-developers - somebody32

While working on some of our projects we've been struggling with the
problem of preventing spammers or trolls from posting. Unfortunately,
captcha is not always a solution (like for example when you have a
vote widget, you wouldn't want your users to enter captcha). Browser
cookies are not effective, of course. So, you have to track
ip-addresses and make sure one ip does not send, say, more than 10
requests to a particular action during 15 minutes. Of course the
primitive implementation is a 10-minute session of unintelligent
coding. But over time things get more sophisticated, especially when
you need to add new rules, track browser user-agents and assign each
ip a trustworthy level. So out of 10-minute boredom code it grew into
something slightly bigger.

Now we've been thinking. Would anyone be interested, if we make a
webservice out of it, a lot like ReCaptcha: with an API and, say, libs
for some popular languages, so that anyone could collect, manipulate
and validate ip-addresses in their web-project. It would work like
this (the simplest case):

1. You send a check request with an ip_address of your user to our
service using our API.
2. We check if this ip exists in our db, if no - we add it.
3. Check when was the last activity from it, then check the rules that
you set up in our web-interface when you signed up.
4. Then send you back true/false answer based on the rules and on this
ip's previously stored data.
5. Based on this simple answer your application decides what to do
with the user (so, it would take 1 line of code to set this thing up
in your app).

The service would also provide warnings (email, probably sms) about
blacklisted IPs and a web-interface to manage IPs.

What features would you pay for? Or would you at least use it for free?
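
An added example, not part of the original post and not the poster's code: a minimal in-memory sketch of the check in steps 2 to 4, using the post's "10 requests to a particular action during 15 minutes" rule. The names `IpRuleChecker`, `check` and `blacklist`, the sliding-window design, and the choice not to count denied requests are all assumptions.

```python
import time
from collections import defaultdict, deque


class IpRuleChecker:
    """Sliding-window check per (ip, action); hypothetical names, in-memory only."""

    def __init__(self, max_requests=10, window_seconds=15 * 60, clock=time.time):
        self.max_requests = max_requests
        self.window_seconds = window_seconds
        self.clock = clock  # injectable so the window can be exercised in tests
        self.hits = defaultdict(deque)  # (ip, action) -> timestamps of allowed requests
        self.blacklist = set()

    def check(self, ip, action):
        """Return True if the request is allowed, False otherwise."""
        if ip in self.blacklist:
            return False
        now = self.clock()
        window = self.hits[(ip, action)]  # step 2: an unknown ip is added here
        # Step 3: drop activity that is older than the window.
        while window and now - window[0] >= self.window_seconds:
            window.popleft()
        # Step 4: true/false answer from the rule and the stored history.
        if len(window) >= self.max_requests:
            return False  # assumption: denied requests are not counted
        window.append(now)
        return True


def demo():
    """Constructed traffic: 12 votes from one ip, one comment, one vote 15 minutes on."""
    t = [0.0]
    checker = IpRuleChecker(clock=lambda: t[0])
    answers = []
    for _ in range(12):
        answers.append(checker.check("203.0.113.7", "vote"))
        t[0] += 1
    other = checker.check("203.0.113.7", "comment")  # separate action, separate budget
    t[0] = 15 * 60  # the first vote (t=0) has just left the window
    later = checker.check("203.0.113.7", "vote")
    return answers, other, later


if __name__ == "__main__":
    print(demo())
```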
======
fookyong
Honestly speaking, I think you might have a bit of a chicken and egg problem
with getting started.

I like the idea of your app and it's something I could use, but since you're
asking your customers to hard code stuff into their application at potentially
experience-critical moments, any kind of failure on your part would be pretty
disastrous.

This service is something I would use when it matures a little, it's not
something I would hook my app into whilst you're just starting out. Venture
backing or an established partner might help me convert sooner.

My 2c.

------
imdario
It is a good idea but not new. Zed Shaw's Utu took a similar approach:
<http://www.zedshaw.com/essays/ragel_state_charts.html> Yes, it is an article
about Ragel but it details Utu. There is no trace of it around the Internet.

About integrating it in my app, I would use it. Maybe it can be built in a
different way: publishing a feed with the "offending" IPs (PubSubHubbub?) and
leaving the API for only reporting them.

------
hga
Wouldn't it be trivial to poison your DB with false reports?

And it would be pretty much impossible for you to distinguish this from the
reporter getting hammered for real.

This sort of attack wouldn't be likely ... unless and until your service
became popular, at which point the payoff might be worth the trouble.

