I have a site that allows guest users (not logged in) to post to the site. I’d like your opinions on creative ways to handle spam prevention and rate limiting. I already plan on using the reCAPTCHA package to make sure people are human, but I’d like to know a way to prevent a trolling user to post 100 times.
I found this DDPRateLimiter package on the Meteor Github page and I think it might be able to do the trick. I could possibly set the limit for this particular method to be something like 10 minutes or even an hour. Does this sound reasonable? Has anyone dealt with this before?
If you just want to throttle postings by any user to every 10 minutes, why not just have a lastPostedTime and check against that every time a user posts?
@csauer your requirement is not rate limiting, but rather a policy enforcement case. Your policy being anonymous users may not post twice within given time interval or something similar.
But, the problem lies with identifying the individual anonymous posters.