1. Forum
  2. DOVE-Net
  3. Synchronet Sysops Only

  • Add captcha before permitting download from web for guest users

    From Nigel Reed@VERT to GitLab issue in main/sbbs on Sunday, December 22, 2024 15:33:54
    open https://gitlab.synchro.net/main/sbbs/-/issues/849

    I've had over 500 file downloads so far today and I cannot believe they're all from legitimate users.

    It would be nice if there was some sort of captcha that had to be completed before a download is started for a non-guest user. This would quickly stop bots from downloading files yet still allow unhindered access for authenticated users.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to GitLab note in main/sbbs on Friday, January 10, 2025 15:21:57
    https://gitlab.synchro.net/main/sbbs/-/issues/849#note_6239

    Is this request for ecWeb (using cookie-based auth) or the built-in filebase support in the web server (using HTTP-auth)?

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Nigel Reed@VERT to GitLab note in main/sbbs on Friday, January 10, 2025 17:34:58
    https://gitlab.synchro.net/main/sbbs/-/issues/849#note_6240

    Hmm, when I say authenticated users, I think I meant to say legitimate users, so I was thinking this would likely be implemented in ecweb. Just a simple capcha to block bots from trying to download files while still allowing non-users to grab them.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to GitLab note in main/sbbs on Friday, January 10, 2025 17:55:21
    https://gitlab.synchro.net/main/sbbs/-/issues/849#note_6242

    So there are multiple ways to download files via HTTP[S]. It sounds like you're referring to the ecWeb method, but I'm not sure. If it's an ecWeb enhancement you seek, please assign to @echicken though I don't think he plans on further work on ecWeb.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From echicken@VERT to GitLab note in main/sbbs on Friday, January 17, 2025 11:34:50
    https://gitlab.synchro.net/main/sbbs/-/issues/849#note_6271

    I'd suggest setting Download Requirements on the Library or Directory. Creating an account once is less hassle than filling out a CAPTCHA on every download. (webv4 does need a better indicator that an account is required to download a file; right now it just is or isn't a link.)

    I get the idea and it would allow unauthenticated downloads without leeching, but it's more work than I want to put into webv4 and seems unnecessary.

    I'm going to close this one for the sake of housekeeping, but reopen if you think someone else might want to pick it up in the future.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From echicken@VERT to GitLab issue in main/sbbs on Friday, January 17, 2025 11:34:50
    close https://gitlab.synchro.net/main/sbbs/-/issues/849

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net