Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The voting system is quite.... Completely broken :) While the marker disappears, you can still keep clicking, voting as much as you'd like


I think i've fixed that now!

Fingers crossed.


Not quite. Your rate limiting seems to be cookie based, which makes it easy for someone to circumvent just by replaying their initial request (or by deleting the cookie you set).


Ooops.

There's about a half dozen people down_vote DOSing the server right now.


  sudo iptables -I INPUT -s <offending ip> -j DROP


Or just hit the vote URL repeatedly with cURL (which is done via GET request).

The author might want to change it to POST/PUT and limit votes based on IP address instead.


It's ok - someone has submitted a sigh to point this out:

http://devsigh.com/sigh/58


It's a feature! ¬_¬




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: