Adam,
Why not just create a unique session "Key" that is a Hash of the User
ID,
IP Address, and a Time Code (so it is only good for a few minutes between
'refresh Pings) ? That is how I do it. Then if any user hash does not
match the Time limit refresh Granularity and the IP address from the
request and the USER ID in the hash, all they ever get is a Login
screen. You also cannot Cache the page or use from a Google search.
Too long to post here, but it works very nicely for me. It also
automatically kicks users back to Login screen after 15 minutes of
inactivity.
I don't want a thousand requests for this and I am very busy
(deadlines), but if you email me separately I can show you the code.
Gregg Morrison ( [EMAIL PROTECTED] )
----- Original Message -----
From: "Adam Ingerman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 10, 2003 3:24 PM
Subject: text analysis, or how to detect randchar()
> I'm currently working on a chat server (yes, I know there are others I
could
> use, and no, I don't want to, nothing else I've seen comes close to
offering
> what I want), in perl (on linux, but it will be portable, so it's
preferable
> not to use too much OS-specific) and I expect that I'll have to deal with
> people trying to flood. with bogus logins as well as once logged on. I
have
> some methods of dealing with it in place already, but I know it's not
enough.
>
> then I heard about soundex and decided to look into it. result: I use
> Text:Metaphone to compute how 'pronouncable' a line of text seems to be.
and
> it works well. I also built a bunch of simple floodscripts to compare
against
> a log from a chatsite. most of the floodscripts were filtered out to about
> 90+%, when no 'real' posts were caught, but then I made a pseudo-word
> generator, which produces a flood that seems semi-real. correct ratio of
> vowels to consonants, spacing/word length, that sort of thing. but with
this,
> more than 2/3 gets through, which is nto a good result.
>
> now, since it's a chat, I can't really use huge amounts of computer power
for
> each line sent, so other stuff needs to run relatively well.
> the part that does all of the processing is a daemon (logins are through
child
> daemons, or in the case of HTTP, a cgi script that accesses a child
daemon),
> so if it takes extra ram/load time, that's not too big a deal.
>
> does anyone have any suggestions on what else I could use for this?
> or similar issues, like the flooding (from fighting ip-spoof logins to
> robot-floods to a number from the same person over a period of time, etc)?
> any snippets, pointers, modules, programs, et al would be greatly
appreciated
>
> TIA, Adam
>
> P.S. if anyone is interested in learning mroe about this project or
helping
> with it, send email off-list and I'll be happy to chat to you about it
>
> --
> What does the 'it' mean in "What time is it?"?
>
> _______________________________________________
> ActivePerl mailing list
> [EMAIL PROTECTED]
> To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
_______________________________________________
ActivePerl mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
