• ericscoles


    Still evaluating, but one key deficit is that wildcard support doesn’t seem to extend to domains, only to TLDs. Why that matters: We routinely get hammered by exploit probes using example.* domains, which blow past reCAPTCHA without slowing down. (Presumably they use example.* on the assumption it will be allowed to pass through filters.) It’s a massive inconvenience for the people receiving our forms. (Yes, I realize this would also block submissions from vuln scanning suites.)

  • The topic ‘Need support for blocking domain names with wildcards, not just TLDs’ is closed to new replies.