[pmwiki-users] 90,000 Session Files

DaveG pmwiki at solidgone.com
Fri Mar 20 13:27:20 CDT 2009

Patrick R. Michaud wrote:
> It wouldn't have to be spammers...search engine robots (spiders) would
> be sufficient to cause these files to be generated as well.  This
> would be true if the robot doesn't honor 'nofollow' on links, or
> if some of the action links on your site don't provide the 'nofollow'
> flag.
In this case, the only action link is Print, which has the nofollow.

> Note that a login attempt isn't necessary to cause a captcha (and
> thus a session file) to be created -- simply displaying the page
> that contains the captcha is sufficient.
I think that's what is happening here. The sites are blog-oriented. So 
when you display the full entry, the comment form is displayed with the 

> In order for captchas to be at all workable and not easily circumvented,
> the information about the displayed captcha has to be kept somewhere
> on the server.  PmWiki's captcha recipe uses session files for this
> purpose -- I'm not sure what would/could provide a better solution
> to this.  Ultimately it's simply the fact that the captchas are
> being displayed that is causing the files to be generated.
How do other platforms handle this? I've not *noticed* this problem on 
WP sites for example. Perhaps something like ReCaptcha 
(http://recaptcha.net/plugins/php/) uses a different mechanism?

  ~ ~ Dave

More information about the pmwiki-users mailing list