Well, I'm not that much of a guru when it comes to linux, this IPtables term is totally new to me so I had to be a little creative, So I changed the mechanism of the mod that I had in mind the first time I thought of it.
Now its working this way, a visitor opens up a page from my forum, php generates an md5 hash for him, then shortens it to only 6 chars and stores it in a session variable, and shows a form with a ( Click me button ). when the visitors clicks that button, a hidden field named 'h' (short for hash) is submitted and compared with the session variable already stored. So it works sort of like the session id concept now.
btw, I used GET method in that form to get around that security token issue when you post a form to a vb script that has CSRF protection turned on.
Sometimes this helps, specially when the ppl who r attacking you r not that smart, or not too many!
Anyways the attack has stopped, and I can go on with my life now , I'll be posting any other kind of solution for this problem that I find.
09-08-2008, 05:55 AM
, I'll be posting any other kind of solution for this problem that I find.
Threaded Mode