Date: Thu, 17 Nov 2005 09:24:16 -0700
From: Michael Fuhr
To: Robert Treat
Cc: Dave Page, gevik@xs4all.nl, pgsql-www@postgresql.org
Subject: Re: Broken? http://www.postgresql.org/about/
Message-ID: <20051117162416.GA12630@winnie.fuhr.org>
References: <1132243954.16256.136.camel@camel>

On Thu, Nov 17, 2005 at 11:12:24AM -0500, Robert Treat wrote:
> I heard an interesting twist on this... rather than doing image
> verification, you instead reject submissions that come from pages that
> don't contain a postgresql.org referrer on the submission page. The
> idea being the spam bots post directly to the submission page, but users
> navigate their way into the page. Simple (and transparent to the user)
> but apparently very effective for some folks that have implemented it.

It's also very broken for people who don't send Referer headers, or
who come from another legitimate site that links directly there.

-- 
Michael Fuhr
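The Referer rule described in the quoted text, run over the cases raised in the reply, as an added example that is not part of the original message or of postgresql.org's code. The function names and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "postgresql.org"  # domain named in the thread


def referer_allows(headers):
    """Return True only when the Referer header names a postgresql.org host."""
    referer = headers.get("Referer", "")
    # Compare the parsed hostname, not a substring of the whole URL.
    host = (urlsplit(referer).hostname or "").lower()
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


# Constructed sample submissions: (description, sender is a person, headers)
SAMPLES = [
    ("user who navigated from the site", True,
     {"Referer": "http://www.postgresql.org/about/"}),
    ("user whose browser or proxy sends no Referer", True, {}),
    ("user following a direct link on another site", True,
     {"Referer": "http://example.org/links.html"}),
    ("bot posting directly to the submission page", False, {}),
]


def evaluate(samples):
    """Tally how the rule treats people and bots in the sample set."""
    tally = {"humans_accepted": 0, "humans_rejected": 0,
             "bots_accepted": 0, "bots_rejected": 0}
    for _description, is_human, headers in samples:
        who = "humans" if is_human else "bots"
        outcome = "accepted" if referer_allows(headers) else "rejected"
        tally[f"{who}_{outcome}"] += 1
    return tally


if __name__ == "__main__":
    for description, _is_human, headers in SAMPLES:
        verdict = "accept" if referer_allows(headers) else "reject"
        print(f"{verdict:6}  {description}")
    print(evaluate(SAMPLES))
```

The user with no Referer header and the direct-posting bot present identical requests, so the rule cannot reject one without rejecting the other.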