I think all we really need to do to fight this particular script is just reject any user names or e-mail addresses that contain "@buffistas.org."
'Our Mrs. Reynolds'
Buffistas Building a Better Board ++
Do you have problems, concerns, or recommendations about the technical side of the Phoenix? Air them here. Compliments also welcome.
Would it be possible to obfuscate the registration page a little, such as replacing the text with numeric entities, or mixing things up a little for each page view?
Well, the attack is meant to hit e-mail form pages, which is one reason it's not working so well on the reg page. I don't think they mean to be registering. Obfuscation wouldn't be of further help.
Which also makes me wonder why they haven't gone after www.buffistas.org/email.php.
Maybe it is obfuscated? I have no idea. It's not the brightest attack.
reject any user names or e-mail addresses that contain "@buffistas.org."
So... they're trying to register as a Buffista with a Buffistas address? that... doesn't make a lot of sense.
Script kiddies never make sense -- it's not a person, probably, just a bot.
DX, the code should now block both usernames and registration addresses with buffistas.org in them.
Cool. Now, if we could just flood the originating IP with messages that all say "GET OUT! GET OUT! GET OUT!" it'd be perfect.
Cool. Now, if we could just flood the originating IP with messages that all say "GET OUT! GET OUT! GET OUT!" it'd be perfect.
Water. Out. My. Nose.
I'm also reminded of Stark's ("Farscape") little rant which would be equally appropriate:
"my side, your side!" "my side, your side!"