Thanks for trying it out and signing it!
The math question idea came from UCL's contact us page that (I think) you set up and said it worked well enough to stop spammers. I was going to do the whole randomized post code thing we have on the message board but figured it was overkill for a demo g... more
I think homemade CAPTCHAs are currently- Puckdropper,Thu Apr 01 2021 12:24pm
pages don't seem to get hit. *knock on wood* An example (from my reply to Retna's post) was the subscription page that originally didn't have one and got hit but after adding one, it's no longer hit.
I'm guessing this small site isn't worth the resources and it's like having an alarm system sign... more
absolutely hammered. Other pages were untouched, but that one comments page was posted to something like 800 times by bots.
They haven't cared to register and comment, but I also turned off comments on posts older than a year (and all of them are now) so the page isn't seeing anything at all.
I'm sure lots of bots are programmed to look for WordPress boilerplate and HTML structure. But how many surf the web looking for a form that has an field name "answer" and somehow know to fill out that field using the math question nearby? And to do that on a small website like this where there's ... more
Trying out generic WordPress, PHP vulnerabilities and HTML form/query string combinations. (Using A=whatever in the query string is a very common one for some reason.)
I did end up using regular reCaptcha 2 on the create account, forgot password and subscription pages though. I originally didn... more
anything you want (like A=whatever) would be a good start. I remember seeing a technique published years ago where a form element was hidden (and thus the user would never see it) and its presence or absence was looked for when the form submitted. That only worked so long, though, as bots learned ... more
I have to specify which query params I want to accept (if any) in the method's parameters. So, if a user enters "?howdy=yall" and I'm not set up to look for a query param named "howdy", it gets completely ignored which is nice.
Example for the RSS controller's mapping to get the RSS feed of a m... more