Inexpire DevDiary – Spam

It’s a constant across the Internet: if it’s accessible, it will be attacked. And of course Rails is a pretty well-known technology at this point, so bots are very easily able to create accounts. I ran into this with Inexpire, but I didn’t want users to have to confirm their email and go through that kind of friction during new sign-up, so I wanted a way to discourage bots that was entirely transparent to actual human users. But without any protection, I was seeing dozens of non-human accounts created daily.

What I settled on was a hidden field in the user signup page. If the hidden field has any text, the account creation is rejected. Humans will not see this field, so they are not impacted.
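A sketch of that check in plain Ruby, added here as an illustration and not taken from Inexpire's code. The field name `website`, the helper names, the CSS used to hide the field and the sample submissions are all assumptions; the missing-field rejection goes one step beyond the rule described above.

```ruby
require "erb"

HONEYPOT_FIELD = "website" # hypothetical decoy field name for this sketch

# The decoy input is moved off-screen with CSS, skipped by keyboard focus
# (tabindex) and by browser autofill (autocomplete), so humans leave it empty.
FORM_TEMPLATE = ERB.new(<<~HTML)
  <form action="/users" method="post">
    <input type="email" name="email">
    <input type="password" name="password">
    <div style="position:absolute; left:-9999px" aria-hidden="true">
      <input type="text" name="<%= field %>" tabindex="-1" autocomplete="off">
    </div>
    <button type="submit">Sign up</button>
  </form>
HTML

def signup_form_html(field = HONEYPOT_FIELD)
  FORM_TEMPLATE.result_with_hash(field: field)
end

# Returns :created or :rejected. `accounts` stands in for the users table.
def process_signup(params, accounts)
  decoy = params[HONEYPOT_FIELD]
  # A browser submits the decoy as "", so a missing key means the request
  # did not come from the rendered form (stricter than the post's rule).
  return :rejected if decoy.nil?
  # The rule from the post: any text in the hidden field rejects the signup.
  return :rejected unless decoy.to_s.empty?
  accounts << params["email"]
  :created
end

# Constructed sample submissions: one human, two automated.
SAMPLES = [
  { "email" => "human@example.com", "password" => "x", "website" => "" },
  { "email" => "bot1@example.com", "password" => "x", "website" => "http://spam.example" },
  { "email" => "bot2@example.com", "password" => "x" }
].freeze

def run_samples
  accounts = []
  results = SAMPLES.map { |params| process_signup(params, accounts) }
  [results, accounts]
end

p run_samples if __FILE__ == $PROGRAM_NAME
```

Counting the `:rejected` results over time shows whether the decoy is still catching signups or whether bots have started leaving it blank.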

The result?

It’s been on the Internet for weeks with exactly zero non-human users.