recaptcha – admin

Why the pesky “I am not a robot” game?

Over the last few weeks the site has been getting slower and slower, and then around 10 days ago it went down every day: database connection errors; timeout warnings.
My web hosts investigated, increasing memory here and there, but nothing seemed to work. Then they discovered that I was the victim of a bruteforce attack. This is when some evil-minded individual decides to bombard websites with requests, and the place to do this is where there is a form to be filled in, or if it’s a membership site, on the login page.
So, a computer was generating hundreds of login requests per minute, somehow making my site think they were from different IP addresses. These addresses were being changed all the time, so it was futile to try to black list them, because you can never keep up with them.
My hosts recommended using the reCaptcha system which is used by many websites. Luckily, computer hackers aren’t clever enough to program it.
So, I now have to have this pesky thing on the login page (and on the registration and renewal pages).
When I first started the site I considered having this, because it’s always recommended, but I decided not to precisely because it goes against Accessiblity guidelines. But it’s either that, or not be able to use the site for 4-5 hours every day.
If you are using a private computer, you could NOT logout after each session. I never logout here, and when I fire my computer up again, my site comes up with me already signed in. Every third day or so I do have to sign in again.
Another tip is, if you have a file that you will be needing for a whole term, say, then download it to your harddrive. Then you wouldn’t need to login to the site to play it because you have it already downloaded.
Sorry, but I will not be removing the reCaptcha system at the moment, but I am looking into alternatives.
UPDATE: A new version of reCaptcha tackles the problem in a different way, so there is now rarely an “I am not a robot“ game to play.