Right, I was hoping not to use them at a previous company that used AWS. One day we got hit by a DDOS (trying to get us to pay to stop it). Even with AWS WAF costing $0.60 per million requests, we ended up paying around $10k in WAF rules to block the attack. Yes, hundreds of thousands to millions of reqs/sec. Luckily the attacker had their entire botnet using an Accept-Language header from a specific (non-english) language, which made it an easy rule target. If it wasn't for that, I'm not sure what we would have done. Would actually love to hear what others do, I want the answer to be more than "use CloudFlare", but it's the only option I've found since then.
Funny it seems like I only ever see their captchas for companies that don't care about customer experience or have naively set up their online tools. Most major websites don't use them (or have sane settings that don't trigger captchas), commercial or not. It's usually mid-tier companies that I don't care enough to wait for the page load, or monopolies that actively hate their customer (e.g Canadian telco) where they are most prominent.
Right, I was hoping not to use them at a previous company that used AWS. One day we got hit by a DDOS (trying to get us to pay to stop it). Even with AWS WAF costing $0.60 per million requests, we ended up paying around $10k in WAF rules to block the attack. Yes, hundreds of thousands to millions of reqs/sec. Luckily the attacker had their entire botnet using an Accept-Language header from a specific (non-english) language, which made it an easy rule target. If it wasn't for that, I'm not sure what we would have done. Would actually love to hear what others do, I want the answer to be more than "use CloudFlare", but it's the only option I've found since then.
Funny it seems like I only ever see their captchas for companies that don't care about customer experience or have naively set up their online tools. Most major websites don't use them (or have sane settings that don't trigger captchas), commercial or not. It's usually mid-tier companies that I don't care enough to wait for the page load, or monopolies that actively hate their customer (e.g Canadian telco) where they are most prominent.
I think telcos in Canada are a triopily