[EMAIL PROTECTED] wrote:
Thoughts anyone? Are there less drastic measures that might be taken to prevent this kind of abuse?
Headers can always be forged as to browser and OS. Attackers will eventually figure it out and then you're back to the drawing board again. As tempting as this solution is, it probably won't help in the longer term.
Cutting off access to a specific IP requires manual maintenance. There are automated solutions as were pointed out, but these can become cumbersome to maintain and I have read somewhere (sorry, can't give you a reference to it) that piles of iptables rules can cause a slow-down in iptables processing.
Returning a link that expires in an email to the requester is a method that works nicely. It does require some programming and maintenance, but would be a nice gatekeeper.
I doubt that there would be any privacy concerns. The email address would be used to simply route the url and then be discarded.
/m ----------------------------------------------------------------------------- To unsubscribe, send email to [EMAIL PROTECTED] -----------------------------------------------------------------------------
