Closed aarontitus closed 6 years ago
kerryhatcher
commented
7 years ago While not a replacement of proper form validation, CloudFlare can help to a degree. Check out https://www.cloudflare.com/. Adding their free service in front of your ELB will cut down on nefarious traffic ever reaching your origin. Its easy, free, and painless to implement.
aarontitus
commented
7 years ago @kerryhatcher That's an excellent point. I agree that it's not a substitute for proper validation, but I really like the idea. Any chance you might be able to do a PR with that change?
kerryhatcher
commented
6 years ago @aarontitus it's not code based. You will need to create an account and swap your DNS servers around.
Do you use anything like Terraform to manage your infrastructure? I don't see any infrastructure as code in the repo.
The registration page does not currently implement any sort of Captcha or anti-spam measures. So far we have been lucky, but spam registrations have begun to arrive. We should probably implement Captcha, IP blocking, or other reasonable spam protections.