We still need a lot of things ... my biggest beef right now is the tag closing code. What we have now is better than nothing, but it frells up the HTML with abandon. Just in a less destructive way.
That's what I was going to parse out.
I know the larger font is a good idea, but I don't feel people fiending for it.
As for the searching for e-mail addresses -- it is important, but can be mitigated for th emoment by routing all those requests to me and I can poke through the database.
I'm thinking we should have an admin page, where all our sundry links are collected, so that left column doesn't get too long.
The other thing I'm jonesing on is cleaning up the CSS and removing much of the deprecated formatting in our HTML. DX, you can't really get your font stuff without that, and I know you want that muchly.
As for the searching for e-mail addresses -- it is important, but can be mitigated for th emoment by routing all those requests to me and I can poke through the database.
Consider yourself routed. There's a request that I can't help in the admins inbox (along with a zillion fake user names). I tried searching the new users folder, but the request must be about a much older name.
The other thing I'm jonesing on is cleaning up the CSS and removing much of the deprecated formatting in our HTML. DX, you can't really get your font stuff without that, and I know you want that muchly.
In term of what's important for the site, though, I think the tag fixing thing would probably be of more use. Also, if you're working on code to block fake username requests, I think that should get priority, because we keep getting hit, and I'm getting worried that they know something that we don't.
I've cleaned the code so I'm sure we're not abusable, but it's still fucking annoying, and you're right -- kiddy needs to be headed off at the pass.
Maybe if I get some quiet time at work today.
I'm getting worried that they know something that we don't.
What does you mean, DX? If you don't mind my asking.
Suela, our registration system is under attack by someone who appears to be trying to exploit some security hole there. As far as we know, no hole exists, but the attempts keep on coming. I'd have given up long ago, which is why I wondered if we're missing something. Besides that, it frelling annoying. Whoever it is is chewing up user names faster than a cancelled Minearverse show.
Would it be possible to obfuscate the registration page a little, such as replacing the text with numeric entities, or mixing things up a little for each page view?
I think all we really need to do to fight this particular script is just reject any user names or e-mail addresses that contain "@buffistas.org."
Would it be possible to obfuscate the registration page a little, such as replacing the text with numeric entities, or mixing things up a little for each page view?
Well, the attack is meant to hit e-mail form pages, which is one reason it's not working so well on the reg page. I don't think they
mean
to be registering. Obfuscation wouldn't be of further help.
Which also makes me wonder why they haven't gone after www.buffistas.org/email.php.
Maybe it
is
obfuscated? I have no idea. It's not the brightest attack.