This website contains age-restricted materials including nudity and explicit depictions of sexual activity.
By entering, you affirm that you are at least 18 years of age or the age of majority in the jurisdiction you are accessing the website from and you consent to viewing sexually explicit content.
Ever heard of counting attempts? Log the IP, present a CAPTCHA after 100 requests in a minute.
Besides, if I wrote a bot I would run a browser dialer from Chrome. It would request your site in a Chrome tab and appear completely legitimate to your stupid fingerprinting scripts
Ever heard of IP rotation? This is one malicious source rotating through IPs over the course of 24 hours. They’re attempting to credential stuff my logins ( on a production service ).
Yes, the industry is well aware of this. We do behavioral detection on both sessions and IPs. This is fairly basic.
Yeah, it’s fine as long as you don’t block legitimate users. For example, when I use a VPN a lot of sites block me. Even when my actual IP is banned when I’m in China (4chan range bans Chinese IPs) or the website is blocked in China.