Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Another form of timestamp analysis is to detect submissions that happen too quickly. A spammer's signup script is likely to fill out the form and submit it nearly instantly. Of course a spammer could beat this by waiting a small randomized amount of time, but that makes spam signups more expensive and might also deter them.


Many automated form fillers for normal people, such as LastPass or even FireFox's form fillers will fill out the submission forms and submit them quickly as well. Perhaps not as quickly as an automated script, but worth looking out for.


Well, that's for login. For registration it is usually not that fast.


A very rudimentary defense at best - any spammer or scraper worth their salt is randomizing their timing. Better yet, have timings derived from real users. For a dedicated attack (or even a category-specific attack like forum signups) timing would solve little.


This is a good method... especially if you look at it over the course of more than one page. If you have a multi-page signup funnel, you can watch the time it takes someone to get from the first form to the last.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: