rotoiti. Many services use this authentication procedure (overture.com does for instance).
Here is basically the same reply we sent you when you opened a ticket with us:
We needed to add the verification image as we had some users write clients to log in 4,000 times at once. This affected the performance of the control panel for other users.
The great thing about DNS Made Easy services is that they are very inexpensive and we have the highest quality service in the business. The bad thing about our services is that they are inexpensive (fraction of any competitor) so it tends to attract a crowd that abuse the service. The lower cost your services are generally the lower type of customers you sometimes attract (abusive users).
Most of the time and money we make goes into stopping these guys from ruining the service for our other customers (valid customers).
So our options are to either raise our prices so that the abusive users will not be able to afford our pricing (probably all we would need to do is raise our pricing to match our lowest valid competition).
Or we have to make these sort of changes so that the abusive users will not be able to hurt the services of our other users.
Eventually (as your support ticket indicates) we will have to do a little bit of both (raise prices and also make it harder). But for right now we are trying to not raise our prices.
But as you seem to indicate we will probably just be raising prices as making the services harder for abusive users to abuse the service is just bothering our current customers.
Originally posted by rotoiti So the main purpose was to stop DoS attacks? What would be the purpose of opening 4000 connections at once? Stupid prank?
Yes, it should indicate this on the Login page. But we understand if it is not clear. It only mentions that the verification image is used to increase system performance.
Originally posted by rotoiti Stupid prank?
Well we tried to contact the few users and we didn't get a response so we are not sure but we figured the options were.
1) Stupid prank like you said.
2) A lame try of DDOS attack. Thinking that the DNS servers in the over 20 cities worldwide would be affected which of course they were not.
3) Some users that actually tried to make an automated script to log into the system but it was faulty.
We would hope that it was #3.
But from our past experience (and since the user did not reply) we are thinking that it is #1 or #2.
I don't mind the security code at all. To me, it's worth entering a short code if it helps prevent abuse of the login form.
Originally posted by tiggee Eventually (as your support ticket indicates) we will have to do a little bit of both (raise prices and also make it harder). But for right now we are trying to not raise our prices.
Just curious: If you do increase the prices, how will this affect existing customers? Will we have our prices increased as well, or can we continue paying what we are currently paying?
We are not increasing prices so we have no idea what we would do. I'm sure we would grandfather everyone in for a few years if you wanted to renew. But I just mentioned that as a possibility to stop the low cost abusive users.
Lost cost users that just want to break things tend not want to spend a lot of money when they do it since it is just a hobby for them.