On Thu, Mar 19, 2009 at 10:58:19PM -0400, DaveG wrote: > One of two things (possibly related) I suspect is happening. > * I'm getting hit by spammers trying (and failing) to get through the > captcha.
It wouldn't have to be spammers...search engine robots (spiders) would be sufficient to cause these files to be generated as well. This would be true if the robot doesn't honor 'nofollow' on links, or if some of the action links on your site don't provide the 'nofollow' flag. > * I set garbage collection to a high value, so I don't have to keep > logging in every 23 minutes (or whatever the default is). Spammers are > attempting to login, and the failed attempts are creating session file, > which basically never expire. Note that a login attempt isn't necessary to cause a captcha (and thus a session file) to be created -- simply displaying the page that contains the captcha is sufficient. > I've temporarily reduced the values to a couple of days, to see if that > at least reduces the history of files. Is there a way to prevent session > files being created by spammers? In order for captchas to be at all workable and not easily circumvented, the information about the displayed captcha has to be kept somewhere on the server. PmWiki's captcha recipe uses session files for this purpose -- I'm not sure what would/could provide a better solution to this. Ultimately it's simply the fact that the captchas are being displayed that is causing the files to be generated. (It's also something I _really_ dislike about PHP's session approach... it would be far better if each session file could be given its own lifetime instead of having a lifetime shared among all session files.) Pm _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
