Rate limiting & IP banning

Name: Anonymous 2013-10-12 11:36

I'm building a website that lets people post whatever text they want completely anonymously. The heart of the project is inspired by moot's concept of 'prismatic identity' - people need the ability to wear masks, and I want to give them that in a Twitter-esque fashion.

So as you'd expect, no login is required to post, but I am issuing a cookie to the browser (that expires @ 6 hours), and also storing a "user" key server-side that's built using IP address, user-agent, and screensize - totally separate from the cookie itself.

All that said, I do need/want to weed out spambotting and shitposting, so I need to implement rate limiting and possibly temp bans - oh and I HATE captcha, so I don't want any of that shit requiring a post. Now I did think about a much more watered down version of captcha, whereby it asks you to do VERY simple math problems (2+2=?) and I'm sure we've all seen those, and I quite like them actually, but still hate the overall concept.

I don't want to ban/rate limit people based on IP because that's just dumb and not effective, but is the user key I'm using really the best method for this? It basically takes lessons from panopticlick regarding browser-fingerprinting, but I'm curious to know if anyone has 1) had this problem and 2) solved this problem.

tl;dr  What are the best alternatives to rate limiting / temp banning apart from IP based methods?
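
The scheme described in the post above (a server-side key built from IP address, user-agent and screen size, used for rate limiting and temp bans), as an added example that is not part of the original post. The secret, window, limits and sample client values are assumptions chosen for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque

SERVER_SECRET = b"constructed-demo-secret"  # assumption: random per-deployment secret
WINDOW = 60        # seconds of history considered
MAX_POSTS = 3      # posts allowed per window
BAN_BASE = 300     # first temp ban in seconds; doubles on each repeat


def user_key(ip, user_agent, screen):
    """Keyed hash of the three attributes, so raw values are never stored."""
    msg = "\x1f".join((ip, user_agent, screen)).encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


class Limiter:
    def __init__(self):
        self.posts = defaultdict(deque)   # key -> timestamps of recent posts
        self.strikes = defaultdict(int)   # key -> number of bans so far
        self.banned_until = {}            # key -> ban expiry time

    def allow(self, key, now):
        if self.banned_until.get(key, 0) > now:
            return False
        recent = self.posts[key]
        while recent and recent[0] <= now - WINDOW:
            recent.popleft()              # drop posts outside the window
        if len(recent) >= MAX_POSTS:
            self.banned_until[key] = now + BAN_BASE * 2 ** self.strikes[key]
            self.strikes[key] += 1
            return False
        recent.append(now)
        return True


def demo():
    lim = Limiter()
    # Constructed client: documentation-range IP, made-up user-agent.
    a = user_key("203.0.113.7", "ExampleBrowser/1.0", "1920x1080")
    results = [lim.allow(a, t) for t in (0, 10, 20, 30, 200, 331)]
    # User-agent and screen size are client-supplied: a different value
    # yields an unrelated key with no history attached.
    b = user_key("203.0.113.7", "ExampleBrowser/1.1", "1920x1080")
    return results, a == b, lim.allow(b, 31)
```

The last two values returned by `demo()` show the limitation the post asks about: the limit and the ban follow the key, and two of the key's three inputs are reported by the client.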

Name: Anonymous 2013-10-12 11:52

is /prog/ really this useless?

Name: Anonymous 2013-10-12 11:54

install gentoo

Name: Anonymous 2013-10-12 11:58

Gentoo in a production environment? troll successful

Name: Anonymous 2013-10-12 12:10

>oh and I HATE captcha, so I don't want any of that shit requiring a post.
Please tell me when your project is done.
I will enjoy sagebombing all your threads

Name: Anonymous 2013-10-12 12:17

Use Text captchas produced by figlet.

Name: Anonymous 2013-10-12 12:20

Have your users solve differential equations in S-system form.

Name: Anonymous 2013-10-12 12:21

read SICP

Name: Anonymous 2013-10-12 12:41

there are no threads

really gonna steer clear of captcha at all costs, but ill check it out

best idea yet

nice bro - this project was built full stack in a day and up and running on aws, but yeah go fap to some fundamentals

Name: Anonymous 2013-10-12 13:46

**YOU HAVE BEEN VISITED BY LE TOP LEL OF COMEDY GOLD** POST THIS IS 3 threads or lose your sides!
░░░░░░░▄▀▀▀░▄▄▄▄░░░▀▀▀▀▀▀▀▀▄▄░▀
░░░░░░░█░░░░░░░░▀▀▀▀▀▄▄▄▄▄▄▄▄▀░░█
░░░░░▄▀░░░░░░░░░░▄░░░░░░░░▄▄░░░░░▀▄
░░░▄▀░░░░░▄▀▀▀█▄░▀░░░░▄▀▀▀██▀▀▄░░░░░▀
░░▄▀░░▄▄░░▀▀▀▀████▀░░░▀▄▄▀▀▀▀▄█░░░░░░█
░▄▀░▄▀█░░▄▄░░░░░░░█░░░░░▄▄▄░░░▀▀░░░░░░█
▄▀░░█░█░▀░░▀▀▄░░░░░█░░░░░░░▀▀▀▀▀▄░░░░░█
▀▄░░▀░█░░░▄░░░░░░▄▀░░░░▀▄░░░▄▄░░▀▄░█░▄▀
░░▀▄░░░░█▀▄░░░░░▀█░░░░▀▀░█▄▀▄░█░░░█░█
░░░░█░░█░▀▄▀▄▄░░░░▀▀▀░░░▄█▀░▄▀█░░░░▄
░░░░░█░░█░▀▀▄░▀▄▄▄▄▄▄▄▀█░▄█▀▄▀░░░░░
░░░░░█░░▀▄▄░░▀█░░░█░░▄▄▀▀▄▄█▀░░░░▀
░░░░▄▀░░░▀▄▀▀▄░▀▀▀▀▀▀▄▄▀▀▀▄▀░░░░▀
░░░▄▀░░░░░░▀▄░█▄▄▄▄▀▀░▀▄▀▀░░░▄▀▀
░░▄▀░░░░░░░░░▀▄▄▄▄█▄▄▀▀░░░░▄
░░█░░░░░░▀▄▄░░░▄▄▄▄▄▄▀░░░▄▀
░░█░░░░░░░░░▀▀▀▄▄▄▄▄▄▄▀▀
░░░█░░░░░░▀▀▀▀▀░░░░▄
░░░▀▀▄▄▄▄▄▄▄▄▄▀▀▀

Name: Anonymous 2013-10-12 14:09

kek'em

Name: Anonymous 2013-10-12 15:09

>>11
chekd

Name: progrider 2013-10-12 20:29

>>1
Use ephemeral username and password as tokens to post, giving the option for the user to save a cookie or not to post with (you can also use the form instead). The only thing that will be saved is the post and username, and an optional #hash#value the user can sign in case zhe needs to validate his posts. Of course, the textcaptcha will be used when creating the username. So if they need to switch usernames for a stupid reason, they can, and post again. The timer would be the captcha, and time limit per posts per username (admin choice, units in seconds).

You can then remove the username list every day or so, have them create it every X time (admin choice). Similar systems like such:
reddit.com
news.ycombinator.com
etc.

But they keep the username forever, which should not be the case. Plus, the usernames are identifiers, which also should not be the case. Only the admins should be able to review the posted "username" and remove their post or the username.

There you have a system ignorant of IP addresses, post filterable, and spam retardant.

You should be helping us here:
https://ivasiwlrjq5dxk6b.onion/p/distbb/index
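
The ephemeral-username scheme from the post above, as an added example that is not part of the original post and not code from the linked project. The class and method names, the 24-hour lifetime and the 30-second post timer are assumptions; the captcha check itself is represented by a boolean.

```python
import hashlib
import hmac
import secrets

TTL = 24 * 3600     # usernames are wiped after a day (admin choice)
COOLDOWN = 30       # minimum seconds between posts per username (admin choice)


class EphemeralAccounts:
    def __init__(self):
        self.accounts = {}   # username -> [password_hash, created, last_post]

    def create(self, captcha_ok, now):
        """Issue a throwaway username/password; the captcha is paid once, here."""
        if not captcha_ok:
            return None
        name = "anon-" + secrets.token_hex(4)
        # Random 128-bit password, so a plain SHA-256 digest is enough to store.
        password = secrets.token_urlsafe(16)
        digest = hashlib.sha256(password.encode()).hexdigest()
        self.accounts[name] = [digest, now, None]
        return name, password

    def may_post(self, name, password, now):
        acct = self.accounts.get(name)
        if acct is None or now - acct[1] >= TTL:
            return False                      # unknown or expired username
        digest = hashlib.sha256(password.encode()).hexdigest()
        if not hmac.compare_digest(digest, acct[0]):
            return False
        if acct[2] is not None and now - acct[2] < COOLDOWN:
            return False                      # still inside the post timer
        acct[2] = now
        return True

    def purge(self, now):
        """Periodic wipe: drop every username older than TTL."""
        stale = [n for n, a in self.accounts.items() if now - a[1] >= TTL]
        for n in stale:
            del self.accounts[n]
        return len(stale)

    def revoke(self, name):
        """Admin action: removing the username stops further posts from it."""
        return self.accounts.pop(name, None) is not None
```

No IP address or browser attribute is stored anywhere in this design; the cost of a new identity is one captcha, and the per-username timer bounds what each identity can post.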

Name: Anonymous 2013-10-13 3:12

>>13
This is great, thanks - smells of tripcodes and I like it. But you actually gave me a really good idea totally separate from the topic at hand - I kinda always like being issued an id via some mechanism that was like "you need to remember this code, write this shit down, it's super important" - and it would be pretty interesting to give the end-user the ability to generate this perma-id of sorts, that when opted for, is generated client-side, persisted to the server via ajax, and if the user passes along the UUID going forward via some input field, then you display some alias or whatever the "user" wants - could even have a user page to show bullshit metrics (num posts, last post time, etc) that is based just on this random id - literally, 1 field: enter your UUID --> submit --> user page.

Name: Anonymous 2013-10-13 3:20

*grabs dick*
