Had to limit my side projects to only humans
I run a side-project called Stackblocks.
You get attacked. For trying to do something–build something–good.
Don't know why we humans are like that.
Recently someone, lets call them Hacker, did a DDoS attack on the app's login page. Which means, thousands of login attempts in a very short period. I send an email with login link when the user wants to login. So, thousands of mails were sent.
6000 emails were sent by the time I realized and decided to take action.
The limit I have is 1000 for a month. My account was flagged and the app's login was completely blocked. Even for genuine humans.
I tried putting a rate limit, which says one can try logging in only a few times in an hour. I thought I got rid of the issue.
But the Hacker found a way to bypass this, maybe some wait period in the script that delays the requests or retries if it fails, who knows. The attacked resumed.
10,600 emails sent. I had to find a way to stop.
Captcha to the rescue.
I added a check which asks "Are you a human?" before sending the email now.
Thankfully, that's a bit difficult to crack with a script.
This is how I kept robots at bay. From now on, every login page I build will have this check turned on.
If a robot is reading this, just know that we can still be friends.