[pmwiki-users] 90,000 Session Files
DaveG
pmwiki at solidgone.com
Thu Mar 19 21:58:19 CDT 2009
In the past 4 weeks, I have accumulated over 90,000 session files, all
PmWiki based. Many are 0 bytes in size; others are small and contain
info like:
THIS:
captcha-challenges|a:2:{i:0;i:6680;i:1;i:6680;}
AND:
authpw|a:1:{s:9:"XXXXX";i:1;}authid|N;captcha-challenges|a:28:{i:0;i:3634;i:1;i:3080;i:2;i:1469;i:3;i:9901;i:4;i:2488;i:5;i:9146;i:6;i:8976;i:7;i:4217;i:8;i:8530;i:9;i:5051;i:10;i:9480;i:11;i:7442;i:12;i:3326;i:13;i:4212;i:14;i:2263;i:15;i:3358;i:16;i:6386;i:17;i:4609;i:18;i:5631;i:19;i:6594;i:20;i:1537;i:21;i:7717;i:22;i:6864;i:23;i:2520;i:24;i:1438;i:25;i:9996;i:26;i:4698;i:27;i:6755;}
(XXXXX above contained my password -- also not good.)
One of two things (possibly related) I suspect is happening.
* I'm getting hit by spammers trying (and failing) to get through the
captcha.
* I set garbage collection to a high value, so I don't have to keep
logging in every 23 minutes (or whatever the default is). Spammers are
attempting to log in, and the failed attempts are creating session files,
which basically never expire.
Here's what I have (had) in farmconfig.php:
$EnableSessionPasswords = 1;
session_name(str_replace('.','',$_SERVER['HTTP_HOST']));
ini_set('session.cookie_lifetime', 99999999);
ini_set('session.gc_maxlifetime', 99999999);
I've temporarily reduced the values to a couple of days, to see if that
at least reduces the history of files. Is there a way to prevent session
files being created by spammers?
Or, is something else happening here?
~ ~ Dave
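
An added example, not part of the original post and not PmWiki code: a triage script that parses the `name|value` session format quoted above and sorts session files into empty, captcha-only and password-holding, to show which kind makes up the pile. The key names come from the post; the class labels and the sample data are constructed here, and the parser covers only the value types seen in the dumps plus booleans and floats.

```python
from collections import Counter

def parse_value(b, i):
    """Parse one PHP-serialized value at b[i]; return (value, next index)."""
    t = b[i:i + 1]
    if t == b"N":                                   # N;
        return None, i + 2
    if t in (b"i", b"b", b"d"):                     # i:6680;
        end = b.index(b";", i)
        return (float if t == b"d" else int)(b[i + 2:end]), end + 1
    if t in (b"s", b"a"):                           # s:LEN:"...";  a:COUNT:{...}
        colon = b.index(b":", i + 2)
        n, i = int(b[i + 2:colon]), colon + 2       # step past :" or :{
        if t == b"s":                               # LEN counts bytes
            if b[i + n:i + n + 2] != b'";':
                raise ValueError("string length does not match its content")
            return b[i:i + n].decode("utf-8", "replace"), i + n + 2
        out = {}
        for _ in range(n):                          # COUNT key/value pairs
            k, i = parse_value(b, i)
            out[k], i = parse_value(b, i)
        return out, i + 1                           # step past }
    raise ValueError(f"unsupported type at offset {i}")

def parse_session(b):                               # top level: name|value...
    out, i = {}, 0
    while i < len(b):
        bar = b.index(b"|", i)
        name = b[i:bar].decode("utf-8", "replace")
        out[name], i = parse_value(b, bar + 1)
    return out

def classify(raw):
    if not raw:
        return "empty"
    try:
        s = parse_session(raw)
    except (ValueError, TypeError):
        return "unparsed"
    if s.get("authpw"):                             # key name from the post
        return "holds-password"
    return "captcha-only" if set(s) <= {"captcha-challenges"} else "other"

def tally(blobs):                                   # blobs: iterable of raw file bytes
    return Counter(classify(raw) for raw in blobs)

# Constructed sample data, modelled on the two dumps in the post.
SAMPLES = [b"", b"captcha-challenges|a:2:{i:0;i:6680;i:1;i:6680;}",
           b'authpw|a:1:{s:7:"EXAMPLE";i:1;}authid|N;captcha-challenges|a:1:{i:0;i:3634;}']
```

To use it on real data, pass `tally()` the bytes of each file in the PHP session directory (assumed here to be the default file handler's `sess_*` files under `session.save_path`). A dump redacted the way the second one above was will come back as "unparsed", because the `s:9:` length no longer matches the five-character placeholder.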