Patrick R. Michaud wrote: > It wouldn't have to be spammers...search engine robots (spiders) would > be sufficient to cause these files to be generated as well. This > would be true if the robot doesn't honor 'nofollow' on links, or > if some of the action links on your site don't provide the 'nofollow' > flag. In this case, the only action link is Print, which has the nofollow.
> Note that a login attempt isn't necessary to cause a captcha (and > thus a session file) to be created -- simply displaying the page > that contains the captcha is sufficient. I think that's what is happening here. The sites are blog-oriented. So when you display the full entry, the comment form is displayed with the captcha. > In order for captchas to be at all workable and not easily circumvented, > the information about the displayed captcha has to be kept somewhere > on the server. PmWiki's captcha recipe uses session files for this > purpose -- I'm not sure what would/could provide a better solution > to this. Ultimately it's simply the fact that the captchas are > being displayed that is causing the files to be generated. How do other platforms handle this? I've not *noticed* this problem on WP sites for example. Perhaps something like ReCaptcha (http://recaptcha.net/plugins/php/) uses a different mechanism? ~ ~ Dave _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
