[pmwiki-users] 90,000 Session Files
DaveG
pmwiki at solidgone.com
Fri Mar 20 13:27:20 CDT 2009
Patrick R. Michaud wrote:
> It wouldn't have to be spammers...search engine robots (spiders) would
> be sufficient to cause these files to be generated as well. This
> would be true if the robot doesn't honor 'nofollow' on links, or
> if some of the action links on your site don't provide the 'nofollow'
> flag.
In this case, the only action link is Print, which has the nofollow.
> Note that a login attempt isn't necessary to cause a captcha (and
> thus a session file) to be created -- simply displaying the page
> that contains the captcha is sufficient.
I think that's what is happening here. The sites are blog-oriented. So
when you display the full entry, the comment form is displayed with the
captcha.
> In order for captchas to be at all workable and not easily circumvented,
> the information about the displayed captcha has to be kept somewhere
> on the server. PmWiki's captcha recipe uses session files for this
> purpose -- I'm not sure what would/could provide a better solution
> to this. Ultimately it's simply the fact that the captchas are
> being displayed that is causing the files to be generated.
How do other platforms handle this? I've not *noticed* this problem on
WP sites for example. Perhaps something like ReCaptcha
(http://recaptcha.net/plugins/php/) uses a different mechanism?
~ ~ Dave
More information about the pmwiki-users
mailing list