revpriest / listman

An email-list manager for NextCloud
GNU General Public License v3.0

CAPTCHA #1

Closed revpriest closed 2 years ago

revpriest commented 2 years ago

Running it for a while in production, it's obviously being treated as a login field by spam-robots.

sigh

So could probably use some sort of captcha. Nothing that does tracking or relies on tracking though.

revpriest commented 2 years ago

Added a simple "type hello" type box, which will probably at least stop most of the robots trying to use the subscribe form as a login box and dictionary-attack it.

Won't stop a determined attacker at all, but might confuse robots enough.

revpriest commented 2 years ago

Looks like that isn't quite good enough. About a dozen new spam-addresses in the subscription lists now.

Perhaps my foe-robots are more sophisticated than I imagined. Giving them a placeholder was probably a mistake.

Anyway. Not fixed.

revpriest commented 2 years ago

There was a bug in the captcha-checking. Swear I'd tested it but hey, apparently it just wasn't checking the captcha. The new simple one works well enough for now.
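
The last comment says the check was never actually running. As an added example (not listman's code; the `captcha` and `email` field names, the status codes and both function names are hypothetical, and the thread does not say what the bug was), here is a fail-closed server-side check in PHP with regression cases that submit the form without a valid answer:

```php
<?php
declare(strict_types=1);

// Added example with hypothetical names; not taken from the listman code base.
const EXPECTED_ANSWER = 'hello'; // the word the form asks the visitor to type

/** True only for the expected answer; a missing, non-string or wrong value fails closed. */
function captchaPasses(array $post): bool
{
    $answer = $post['captcha'] ?? null;   // 'captcha' is an assumed field name
    if (!is_string($answer)) {
        return false;                     // absent, or sent as captcha[]=...
    }
    return hash_equals(EXPECTED_ANSWER, strtolower(trim($answer)));
}

/** Handle one subscribe request; the address is stored only after the check passes. */
function handleSubscribe(array $post, array &$subscribers): int
{
    if (!captchaPasses($post)) {
        return 403;                       // return here, never fall through to the insert
    }
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 400;
    }
    $subscribers[] = $email;
    return 200;
}

// Regression cases (constructed inputs): most of them omit or garble the answer.
$cases = [
    [['email' => 'a@example.org', 'captcha' => 'hello'], 200],
    [['email' => 'a@example.org', 'captcha' => ' Hello '], 200],
    [['email' => 'a@example.org'], 403],                         // field missing
    [['email' => 'a@example.org', 'captcha' => ''], 403],        // empty answer
    [['email' => 'a@example.org', 'captcha' => ['hello']], 403], // array instead of string
    [['email' => 'a@example.org', 'captcha' => 'admin'], 403],   // login-style guess
    [['email' => 'not-an-address', 'captcha' => 'hello'], 400],
];
$subscribers = [];
foreach ($cases as [$post, $expected]) {
    $got = handleSubscribe($post, $subscribers);
    echo ($got === $expected ? 'ok  ' : 'FAIL'), " expected $expected got $got\n";
}
echo count($subscribers), " address(es) stored\n";
```

Keeping the negative cases in a test run is what catches a check that silently stops being enforced, since the happy path still works when the check is skipped.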