It just slows down pageloads and doesn’t make anything more secure. Bots mostly use headless chromium ( example: GitHub - loblab/noip-renew: Auto renew (confirm) noip.com free hosts ). Maybe allow us to whitelist IPs that can bypass it or ability to disable it + blackist IPs? It just doesn’t make sense. It feels like a disability of free hosting instead of a security measure. Also it is using external js libraries which makes it even less secure and slow. It is kind of dumb. If you really need some other disabilites for free hosting, make it less mysql databases which is still a big limitation but not blocking possible visitors. I know, you want people to upgrade but not their visitors!
Most users are beginners and do not have enough knowledge and it is useful to have a security system for their safety and at the same time to protect the hosting from misuse.
If you own a domain you can use Cloudflare and avoid this check
There are plenty of bots which use headless browsers, but the vast majority of them simply uses basic HTTP calls in a programming language of their choice. But it’s hard to know for sure, since many harmful bots use user agent strings of popular browsers and operating systems to disguise themselves.
Anecdotally, almost any time someone comes here and says “my account was suspended for hitting daily limit X but there was no traffic”, then the website was using Cloudflare and Cloudflare didn’t stop a wave of bot traffic, which our security system would.
And finally, this system helps enforce our terms that all accounts should be used to produce web pages, which limiting disk space, databases, etc. doesn’t do.
