On Wed, Jun 13, 2018 at 5:17 PM Simon Slavin <slav...@bigfraud.org> wrote:
> 13 Jun 2018, at 11:52pm, Bob Friesenhahn <bfrie...@simple.dallas.tx.us> wrote:
>
> > The problem is knowing what "one" means. The subscription request is
> > likely submitted via http/https into the web form and using a bogus email
> > subscription address (of the "victim"). A botnet is able to submit these
> > requests from hundreds of IP addresses.
>
> And Hooray for TOR https://www.dan.me.uk/tornodes
>
> First you accept only one request per IP address for every twenty-four
> hours. You might as well just wipe your address list at midnight rather
> than do the tricky programming to implement a rolling 12 hour window.
>
> Second you have the form page generate a random number every time it shows
> the form. The submission has to include the number sent to that IP
> address, and it has to be done at least five seconds after the number was
> generated. This ties up that bot (though not the whole botnet) for five
> seconds. One assumes that humans take more than 5 seconds to type their
> password twice and hit 'submit' so they won't even notice the difference.
> People who copy-and-paste their email address into the 'verify' field
> deserve what they get.
>
> Third you accept only one request per email address per week.
>
> The second of the above defeats a lot of bots. They submit the request
> without ever downloading the form in the first place.
>
> For all the above you need two tables of data and some Python
> programming. Unfortunately I don't know Python.
>
> Simon.
> _______________________________________________
> sqlite-users mailing list
> sqlite-users@mailinglists.sqlite.org
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
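
The three checks described in the quoted message, sketched with two SQLite tables. This is an added example, not code from the thread or from the list's software; the table names, function names and the explicit `now` argument are assumptions made for illustration.

```python
import hmac
import secrets
import sqlite3

MIN_FILL_SECONDS = 5            # rule 2: minimum time between form and submit
DAY, WEEK = 86400, 7 * 86400

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE ip_state (ip TEXT PRIMARY KEY, token TEXT,
                               issued_at REAL, accepted_day INTEGER);
        CREATE TABLE email_state (email TEXT PRIMARY KEY, accepted_at REAL);
    """)
    return db

def issue_token(db, ip, now):
    """Called when the form is rendered: bind a fresh random token to the IP."""
    token = secrets.token_hex(16)
    db.execute("INSERT OR IGNORE INTO ip_state (ip) VALUES (?)", (ip,))
    db.execute("UPDATE ip_state SET token = ?, issued_at = ? WHERE ip = ?",
               (token, now, ip))
    return token

def submit(db, ip, email, token, now):
    """Return (accepted, reason) for one subscription request."""
    email = email.strip().lower()
    row = db.execute("SELECT token, issued_at, accepted_day FROM ip_state "
                     "WHERE ip = ?", (ip,)).fetchone()
    # Rule 2a: a bot that never fetched the form has no token for its IP.
    if not row or not row[0] or not hmac.compare_digest(
            row[0].encode(), token.encode()):
        return False, "no valid form token for this IP"
    # Rule 2b: the token must be at least five seconds old.
    if now - row[1] < MIN_FILL_SECONDS:
        return False, "submitted too quickly"
    # Rule 1: one request per IP per UTC day (stands in for the midnight wipe).
    if row[2] == int(now // DAY):
        return False, "IP already used today"
    # Rule 3: one request per email address per week.
    seen = db.execute("SELECT accepted_at FROM email_state WHERE email = ?",
                      (email,)).fetchone()
    if seen and now - seen[0] < WEEK:
        return False, "email already requested this week"
    # Accept: burn the token, mark the IP for today, remember the address.
    db.execute("UPDATE ip_state SET token = NULL, accepted_day = ? WHERE ip = ?",
               (int(now // DAY), ip))
    db.execute("INSERT OR REPLACE INTO email_state VALUES (?, ?)", (email, now))
    return True, "accepted"
```

The token is only consumed on acceptance, so a human who submits too early can retry with the same form.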