Path: ...!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: Don Y Newsgroups: sci.electronics.design Subject: Re: Chinese downloads overloading my website Date: Fri, 15 Mar 2024 04:08:55 -0700 Organization: A noiseless patient Spider Lines: 51 Message-ID: References: <7qujui58fjds1isls4ohpcnp5d7dt20ggk@4ax.com> <6lekuihu1heui4th3ogtnqk9ph8msobmj3@4ax.com> <1qqgixd.hm4kvnqct6mN%liz@poppyrecords.invalid.invalid> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Fri, 15 Mar 2024 11:09:05 -0000 (UTC) Injection-Info: dont-email.me; posting-host="c86af28dc75bef790d14c8cfb4054056"; logging-data="2364768"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/QJee4otDfmd7Z+4eqnlQY" User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2 Cancel-Lock: sha1:Vz1z8lUZpXCwao6fG6DAx2pjAX4= In-Reply-To: <1qqgixd.hm4kvnqct6mN%liz@poppyrecords.invalid.invalid> Content-Language: en-US Bytes: 3537 On 3/15/2024 3:41 AM, Liz Tuddenham wrote: > Don Y wrote: > >> On 3/14/2024 9:26 AM, Peter wrote: >>> >>> Don Y wrote: >>> >>>> (Without having seen them...) Can you create a PNG of a group >>>> of them arranged in a matrix. Then, a map that allows clicking >>>> on any *part* of the composite image to provide a more detailed >>>> "popup" to inspect? >>>> >>>> I.e., each individual image is a trip back to the server to >>>> fetch that image. A single composite could reduce that to >>>> one fetch with other actions conditional on whether or not >>>> the user wants "more/finer detail" >>> >>> All of this "graphical captcha" stuff is easy to hack if somebody is >>> out to trash *your* site. >> >> If you are *targeted*, then all bets are off. At the end of the >> day, your adversary could put a REAL HUMAN to the task of hammering >> away at it. > > You could always have a question which involved correcting the English > grammar of a sentence, but that might eliminate far more of your > visitors than you intended. You have to define your goal with any such mechanism. If you want to protect content, then encrypt the content; any downloads just waste the client's bandwidth (but, yours, as well). If you want to protect access, then you need a mechanism that exceeds the abilities of the "current connection" (e.g., robot, blind scrape, human, etc.) to navigate. Every mechanism has a cost -- a portion of which you, also, bear. Remember, a client can always hammer away at the basic page (ignoring the cached flag) even if he never gets past your "mechanism(s)" intended to deter him. [A telemarketer can keep dialing your phone number even if you NEVER answer his calls!] Publishing any sort of contact information (email, phone, www, etc.) INVITES contact.