Joshua Penix wrote: > > On Nov 5, 2006, at 1:35 PM, James G. Sack (jim) wrote: > >> Hmmm, anybody remember why this is still disabled? >> >> I know of at least one real person who wants in. > > Umm I think we were still just getting bulk robot signups that you were > having to clear out, even though once signed up they would no longer be > able to take advantage of the exploit. I'm happy to take out the Apache > rule if you think we're ready.
Well, I've manually added the user cmaier, so AFAIK there's no one hurtin' at the moment. If I'm reading the stats right, the KB rate is down and the 404 (and 403) codes are way down (but perhaps that's just because of the foreign-google short-circuiting in the apache frontend). There seems to be an appearance of 503 (service not avail) codes that didn't exist in september, whatever that signifies? The top search strings looks mostly toned down, but the top-referrers list still seems to have some suspicious sites. Anyway, does it seem worth it to try turning on access to the join form, and watch for a day whether the usage stays reasonable. I guess you (josh) would be the one to judge the usage -- so, whenever you can afford the attention, eh? If bot-generated membership apps jump-up again, I suppose we will have think about membership-granted via referral, or customizing the signup-operation (capcha), or something... ==> Additional opinions? Regards, ..jim -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer
