Hi, I have noticed that Twitter and Facebook both have a good system in place on some of their forms.
For example, if a user fails to enter their correct details into the Sign In Form 3-4 times, a reCaptcha shows.
I also noticed that the reCaptcha shows on the Sign Up Form after it detects suspicious activity…
Can anyone think how they might have implemented this system, as I really don’t want to display a reCaptcha form by default… I would rather only display it if there was suspicious activity.
(Please do not respond saying that captchas are a waste of time etc… I am simply only interested in finding out how Twitter and Facebook are implementing captchas when they detect something suspicious.)
When validating the sign-up form, check to see if an account has been created from the same IP address within the last minute (or less)… if it has, fail the validation and display a captcha.
Yeah, that’s not an easy question to answer. I don’t think it has one “golden solution”. It really depends on what you consider suspicious.
Multiple accounts from the same IP, free email providers, registration from common “spam countries”, throwaway email addresses, etc. Just figure out what you consider to be “suspicious” and go from there.
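The two triggers discussed in this thread (repeated failed sign-ins, and a second sign-up from the same IP within a minute), sketched as an added example that is not part of the original posts and is not how Twitter or Facebook actually do it. The class name `CaptchaGate`, the threshold of 3 failures, the 10-minute failure window and the in-memory storage are all assumptions; a real site would keep these counters in a shared store.

```python
import time
from collections import defaultdict, deque


class CaptchaGate:
    """Hypothetical helper: decides when a form should start asking for a captcha."""

    def __init__(self, max_login_failures=3, login_window=600,
                 signup_window=60, clock=time.monotonic):
        self.max_login_failures = max_login_failures  # assumed threshold
        self.login_window = login_window              # assumed window, seconds
        self.signup_window = signup_window            # "within the last minute"
        self.clock = clock                            # injectable for testing
        self._failures = defaultdict(deque)           # key -> failure timestamps
        self._last_signup = {}                        # ip -> last sign-up time

    def _keys(self, ip, username):
        # Per-IP catches one client guessing many accounts;
        # per-username catches many clients guessing one account.
        return ("ip", ip), ("user", username.lower())

    def _recent(self, key):
        q = self._failures.get(key, deque())
        cutoff = self.clock() - self.login_window
        while q and q[0] <= cutoff:   # drop failures older than the window
            q.popleft()
        return len(q)

    def record_login_failure(self, ip, username):
        for key in self._keys(ip, username):
            self._failures[key].append(self.clock())

    def record_login_success(self, ip, username):
        # Reset only the per-user counter; the per-IP count must age out.
        self._failures.pop(("user", username.lower()), None)

    def login_needs_captcha(self, ip, username):
        return any(self._recent(k) >= self.max_login_failures
                   for k in self._keys(ip, username))

    def record_signup(self, ip):
        self._last_signup[ip] = self.clock()

    def signup_needs_captcha(self, ip):
        last = self._last_signup.get(ip)
        return last is not None and self.clock() - last < self.signup_window
```

Call `login_needs_captcha` before rendering the sign-in form and again when validating the submission, so a request that skips the form cannot bypass the captcha.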