kennard11 Posted July 27, 2016 Share Posted July 27, 2016 (edited) You might want to add some Javascript token generation or an open source authentication protocol to the login, because right now there is almost nothing that prevents bots. You could implement many things to prevent botting as cloudflare alone does almost nothing and the Javascript is too easy to reverse engineer. You could do things as Javascript token generation, or if you use any other protocol to login you could make it so when the user doesn't have Javascript enabled a captcha is shown. If you do use a captcha, I suggest SolveMedia or ReCaptcha v2 as Recaptcha v1 can be solved easily using services like Decaptcher or DeathByCaptcha. There are so many things that can be done to prevent botting in general and what I suggested is just the tip of the iceberg. I have years of experience in botting and web automation and I could tell you that a new programmer could easily develop a bot for this site, and there are already many free ones out there. Edited July 28, 2016 by kennard11 2 Link to post Share on other sites More sharing options...