Ask HN: How to prevent spamming on JavaScript frontend logging API?
Hello HN,
We are design an analytics logging API for our JS application. What bothers us is spamming prevention. I can't come up with a better way than rate limiting to prevent someone else use a fake client and spam the API. Is there something I missed here? What are some best practices on this? What do generic services, say Google Analytics, solve the problem?
Thank you.
6 comments
[ 2.6 ms ] story [ 17.5 ms ] thread>so this kind of abuse is probably rare enough that it shouldn't be a big concern
Yes I would agree too that its pretty rare since webmasters are more cautious around fishy looking sites. However, there were 2-3 instances I noticed someone spammed a referral into my Google Analytics data.
I think per user token is good since we have captcha on registration. But we also want to something on non-logged-in pages/users. What can we do?
Also, if we connect the data point to a certain token, does that count as non-anonymously tracking user?
Yes, at with these techniques you're tracking users across requests. But that's the point of this kind of analytics, isn't it?