1. Forum
  2. FidoNet Int
  3. sync sysops

  • Add captcha before permitting download from web for guest users

    From Nigel Reed@1:103/705 to GitLab issue in main/sbbs on Sun Dec 22 15:33:54 2024
    open https://gitlab.synchro.net/main/sbbs/-/issues/849

    I've had over 500 file downloads so far today and I cannot believe they're all from legitimate users.

    It would be nice if there was some sort of captcha that had to be completed before a download is started for a non-guest user. This would quickly stop bots from downloading files yet still allow unhindered access for authenticated users.
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Fri Jan 10 15:21:57 2025
    https://gitlab.synchro.net/main/sbbs/-/issues/849#note_6239

    Is this request for ecWeb (using cookie-based auth) or the built-in filebase support in the web server (using HTTP-auth)?
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nigel Reed@1:103/705 to GitLab note in main/sbbs on Fri Jan 10 17:34:58 2025
    https://gitlab.synchro.net/main/sbbs/-/issues/849#note_6240

    Hmm, when I say authenticated users, I think I meant to say legitimate users, so I was thinking this would likely be implemented in ecweb. Just a simple capcha to block bots from trying to download files while still allowing non-users to grab them.
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Fri Jan 10 17:55:21 2025
    https://gitlab.synchro.net/main/sbbs/-/issues/849#note_6242

    So there are multiple ways to download files via HTTP[S]. It sounds like you're referring to the ecWeb method, but I'm not sure. If it's an ecWeb enhancement you seek, please assign to @echicken though I don't think he plans on further work on ecWeb.
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From echicken@1:103/705 to GitLab note in main/sbbs on Fri Jan 17 11:34:50 2025
    https://gitlab.synchro.net/main/sbbs/-/issues/849#note_6271

    I'd suggest setting Download Requirements on the Library or Directory. Creating an account once is less hassle than filling out a CAPTCHA on every download. (webv4 does need a better indicator that an account is required to download a file; right now it just is or isn't a link.)

    I get the idea and it would allow unauthenticated downloads without leeching, but it's more work than I want to put into webv4 and seems unnecessary.

    I'm going to close this one for the sake of housekeeping, but reopen if you think someone else might want to pick it up in the future.
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From echicken@1:103/705 to GitLab issue in main/sbbs on Fri Jan 17 11:34:50 2025
    close https://gitlab.synchro.net/main/sbbs/-/issues/849
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)