toot.wales is one of the many independent Mastodon servers you can use to participate in the fediverse.
We are the Mastodon social network for Wales and the Welsh, at home and abroad! Y rhwydwaith cymdeithasol annibynnol i Gymru, wedi'i bweru gan Mastodon!

Administered by:

Server stats:

918
active users

Paul

@aral as a small web person, do you have any thoughts on captcha alternatives? We keep getting hit with bots testing stolen cards by signing up to memberships. Looking at Cloudflare turnstile but wondered if you had any thoughts?

@paulcox Have you considered trying a honeypot field (an invisible form field which, if it gets filled in, you know it was done so by a bot).

I’d avoid Cloudflare if possible. Too much is centralised there already. It’s a huge privacy concern and single point of failure.)

@aral I had a look at that, but didn't seem likely enough to stop them, as easy to figure out with a quick look and work around it... but I could try that first and see. Have you had success with it previously?

@paulcox Do let me know how it goes. I’ve never felt the need myself. Likely because I’ve only ever used Stripe when I needed to implement payments and they’re pretty good about handling that stuff without fuss.

@aral yeah, we use Stripe as well, but yesterday we had over 1000 attempts to create memberships with different cards and 100 went through. We must be on someone's list somewhere.

@paulcox Oh wow, that sucks. Have you activated Stripes anti-fraud measures across your whole site (not just the payment page). Personally, I’m hesitant to do that as I don’t want a third party collecting data on the whole site but that might be one possible mitigation (?)

Best of luck, regardless. Sounds like a nightmare.

@aral cheers. Gone with cloudflare for now as we have a new video coming out tomorrow and so need it back in business before then, but might revisit when things calm down a little.