I had someone logging in as a guest hundreds of times for the sole purpose of toppling over the server. Is there any way to prevent this? It could be done on a server level, but would be handy if GForum could be set to prevent multiple logins from the same IP (?)

Jason

Well you could always put this in access/httpd.conf ....

<Directory />
Order Deny,Allow
Allow From All
Deny From some_ip_address
</Directory>

.....as for GForum, can multiple logins come from the same person?....I didn't think that could be done.

Hi Jason

I just had the same problem. The server log files revealed that someone had used Teleport Pro (an offline downloader), to download everything from my site, including the whole forum. This robot sends a request every second or so, and my server was getting slower and slower.

Now, I have banned his IP address from the forum (which immediately stopped the download), and I use a robots.txt file to exclude Teleport robots from my forum pages.

Annoying....

Ivan
-----
Iyengar Yoga Resources / GT Plugins

Ahh how silly, I should have realised it could be done...I even posted that 185 guests thing in chit-chat.

Isn't the point of sessions to stop that?

Can't sessions for guests be added into the database with their ip and last activity and if they try to do something every few seconds then block them?

Yes. This was implemented on the original GForum version 1, but was later taken out as people on fast connections were complaining that the forum was blocking them because they requested more than x amount of page per minute.

I'm the kind of person who opens each thread up in a new window, this means I could request say 7 pages in a few seconds which the server then blocked me. This is the reason I believe Alex took it out. :-\

- wil

Don't know if this will help at all, but GT has added the Teleport spider exclusion in their robots.txt file...

http://www.gossamer-threads.com/robots.txt

I've added it myself and it has reduced the amount of unnecessary "spidering".
========================================
Buh Bye!

Cheers,
Me

FWIW ... this only works with well behaved spiderers.... You can have Teleport Pro identify itself as MSIE, NN, or a custom signature.

When I "spider" sites with TP, I set it ti MSIE....


PUGDOG� Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.

When you're getting ten or so requests a second to try and cripple your server, and such a useful feature as banning multiple requests was taken out, to not even have it as an option to toggle on and off doesn't seem the brightest thing to do?

Jason

It was never a feature of Gossamer Forum, but rather a mod_perl handler we were playing with on Apache, totally separate.

Cheers,

Alex
--
Gossamer Threads Inc.

Thanks for clarifying that. Sorry if I caused any confusion to anyone by my lack of knowledge on this topic.

- wil