Skip to main content

Replied to a post on github.com :

Ahh... didn't see that.. thanks.

Yes, it needs a referrer set - basically the anti-spam stuff stops most script kiddies since they tend to POST directly to the form endpoint, rather than "submitting" the form which (mostly) sets the referrer.

Since doing a similar .htaccess thing on my wordpress install, I've reduced login attempts from thousands a day to 0...