Hacker News new | comments | show | ask | jobs | submit login

Bots will be happy by any success rate above 0%


I am the developer of clickcha. Appreciate the input, but you seem to be forgetting that bruteforcing can be avoided by temporarily banning the IP for some time after certain number of incorrect attempts.

Don't forget that spammers exploit botnets with tens of thousands zombie computers each one with unique IP. 2.8% from 10000 zombies = 280 first try successful breaches.

You could make it much harder for bots by asking the user to click on two numbers (e.g. highest and lowest). I don't think that would be too much extra work for the user as most of the effort is in scanning through all of the numbers.

That's why they use botnets for this. Each attempt will be from a fresh ip.

Don't give up though, you are on to something. If you can make the permutation higher then yea you can definitely make it big.

I'd like to combine this with akismet. Bots will be happy with a 2% rate but I'll be more happy than them with 98% less comments to check in the spam folder

2% success rate against bots does not equal 98% fewer bot posts. Just 50x more traffic.

> Just 50x more traffic.

50x traffic is too obvious to ban :)

a five digit case-ignore number/letter success rate is 1/(36^5), it's very small but still above 0%

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact