Closed revpriest closed 2 years ago
Added a simple "type hello" type box, which will probably at least stop most of the robots trying to use the subscribe form as a login box and dictionary-attack it.
Won't stop a determined attacker at all, but might confuse robots enough.
Looks like that isn't quite good enough. About a dozen new spam-addresses in the subscription lists now.
Perhaps my foe-robots are more sophisticated than I imagined. Giving them a placeholder was probably a mistake.
Anyway. Not fixed.
There was a bug in the captcha-checking. Swear I'd tested it but hey, apparently it just wasn't checking the captcha. The new simple one works well enough for now.
Running it for a while in production, it's obviously being treated as a login field by spam-robots.
sigh
So could probably use some sort of captcha. Nothing that does tracking or relies on tracking though.