Hiya,

Well, after harvesting IP addresses that called the TOPE comments
script for less than two weeks, I can report that 7139 unique IP
addresses were used, and that the "top 2" of them generated no less
than respectively 15149 and 12498 hits. :(

Obviously, the attacks are bot/virus driven, and there seems to be
little point in reporting the IP addresses (though I'll keep them for
now, such that perhaps I can report them after all).

So, as a solution, I implemented a Captcha image challenge on the
TOPE page. I did this such that no sessions need to be created, and
that no user accounts have to be created. Rather, the scripts use the
user's input along with some other things (non-disclosed) to generate
a highly unique value that lasts at most 5 minutes.

When leaving comments, at first the screen looks identical to what it
used to look like. However, upon sending the comments, you will be
presented with a so-called "Captcha challenge image". I took some
time to work out a good (not randomised) seeding algorithm, which is
extremely difficult (if not completely impossible) to predict. Sooo,
the page should be safe again for anything but user-generated spam.

Let's see if this holds. If user-generated spam also starts to occur,
I'll have to revert to creating user accounts.

Either way: feel free to use the comments script again. :)

Then, a word or two about TOPE 30: so far, "all systems are go" for
an initial launch tomorrow, so if you still have pictures you haven't
sent in yet, you can still do so...

Cheers!
Olafo
==============================================
List usage info: http://www.zuikoholic.com
List nannies: olympusadmin@xxxxxxxxxx
==============================================
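
One way to build a challenge that needs no sessions or accounts and expires after five minutes, as an added example that is not the TOPE script's code (whose inputs are undisclosed): the expected answer is an HMAC over the comment text and the issue time under a server-side key. `SECRET`, the function names and the sample comment are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Assumption: a server-side key that is never sent to clients (constructed value).
SECRET = b"constructed-demo-key-rotate-me"
TTL_SECONDS = 300  # the challenge "lasts at most 5 minutes"


def expected_answer(comment: str, issued_at: int) -> str:
    """Derive the 6-character challenge text from the comment and issue time."""
    digest = hashlib.sha256(comment.encode("utf-8")).digest()
    msg = digest + issued_at.to_bytes(8, "big")
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    # Base32 yields only A-Z and 2-7, which are easy to render and type.
    return base64.b32encode(mac)[:6].decode("ascii")


def issue_challenge(comment: str, now: int) -> tuple[int, str]:
    """Return (issued_at, text to render into the CAPTCHA image).

    Only issued_at and the image go to the browser; nothing is stored.
    """
    return now, expected_answer(comment, now)


def verify(comment: str, issued_at: int, typed: str, now: int) -> bool:
    """Recompute the answer from the submitted fields and compare."""
    # Reject expired and future-dated timestamps before doing any work.
    if not 0 <= now - issued_at <= TTL_SECONDS:
        return False
    want = expected_answer(comment, issued_at).encode("ascii")
    got = typed.strip().upper().encode("utf-8")
    return hmac.compare_digest(want, got)  # constant-time comparison


if __name__ == "__main__":
    issued, text = issue_challenge("Nice photo!", 1_000_000)  # constructed input
    print("render into image:", text)
    print("accepted in time:", verify("Nice photo!", issued, text, issued + 60))
    print("accepted late:   ", verify("Nice photo!", issued, text, issued + 301))
```

Because no state is kept, a solved challenge remains valid for the same comment until the window closes, so per-IP rate limiting is still needed against replays.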