Hacker News new | comments | show | ask | jobs | submit login


I am the developer of clickcha. Appreciate the input, but you seem to be forgetting that bruteforcing can be avoided by temporarily banning the IP for some time after certain number of incorrect attempts.

Don't forget that spammers exploit botnets with tens of thousands zombie computers each one with unique IP. 2.8% from 10000 zombies = 280 first try successful breaches.

You could make it much harder for bots by asking the user to click on two numbers (e.g. highest and lowest). I don't think that would be too much extra work for the user as most of the effort is in scanning through all of the numbers.

That's why they use botnets for this. Each attempt will be from a fresh ip.

Don't give up though, you are on to something. If you can make the permutation higher then yea you can definitely make it big.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact