mcaptcha-website/content/docs/introduction/configuring-difficulty-factor/index.md

62 lines
2.4 KiB
Markdown

---
title: "Configuring Difficulty Factor"
description: "mCaptcha has options to configure its proof of work engine
behavior, this page explains how to determine difficulty facotrs that
work best for your website!"
lead: ""
date: 2022-06-22
lastmod: 2021-06-22 20:17
draft: false
images: []
menu:
docs:
parent: "Introduction"
weight: 512
toc: true
---
mCaptcha is highly responsive to detecting DDoS attacks. Admins are
advised to take advantage of it by setting low [difficulty
factors](/docs/terminology/difficulty-factor/) for normal traffic levels
for their website.
**Lowest advisable difficulty factor is 5000.**
For instance, if it is normal for my website to get 2000 requests for
every 30 seconds, I will set a [cool
down](/docs/terminology/cooldown-period) period of 30 seconds and the
first level of difficulty configuration will have a [visitor threshold](/docs/terminology/visitor-threshold) of 2000 with a
difficulty factor of 5000.
There are two modes to setting difficulty factor for your website on
mCaptcha:
### Easy option
Easy mode asks a few basic statistics about your website and generates a
configuration that should work for your website. Currently, easy mode is
guided by assumptions on suitable difficulty factors to protect a
website but it will be fine-tuned as mCaptcha sees more deployment.
Configuration generated by easy mode can be tweaked later using the
advance mode, as you become more familiar with how mCaptcha works.
{{% img src="new-sitekey-easy-mode.png" alt="new sitekey form in easy mode" %}}
### Advance option
Advance mode gives the admin granular control over how mCaptcha behaves
on their website. It has options to set the difficulty factor for each
level of traffic(or visitor threshold, in mCaptcha speak), fully taking
advantage of mCaptcha's variable difficulty factor feature.
For instance, if it is normal for a website to get 200 requests over 30
seconds, then setting a very low difficulty factor for a visitor
threshold of 200 and a cool down period of 30 seconds will allow the
users to pass through without waiting on the CAPTCHA. But if 1000
requests over 30 seconds will bring down the service, then the admin can
configure increasing levels of difficulty factor of increasing traffic
levels, effectively rate limiting its users and protecting the
underlying website.
{{% img src="new-sitekey-adv-mode.png" alt="new sitekey form in advance mode" %}}