<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">I'm just catching up on this topic, but...</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">It seems to me that - rather than using "faulty client applications or webclusters", flooding like this would require some coding that enabled automation. Heck, you can use ChatGPT to write code for something like this (if you want to run it in python).</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">I don't think just adding a password requirement is going to solve this. Someone could easily register a fake (or unused) callsign with a password.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Probably the answer is rather complicated and exists mostly outside of the DX Cluster code.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Think of it this way...</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Modern systems (Gmail, Microsoft 365, your bank, your healthcare system, etc) generally require "multi-factor authentication" (MFA) these days to solve problems like this.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">For the uninitiated, there are THREE factors that can be used to validate your identity:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><ul><li>what you have (a registered phone or PC)</li><li>what you know (a password or PIN)</li><li>what you are (biometric)</li></ul></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Your phone or PC gets registered when you sign up... they send something to you to validate it.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Right now, most clusters are using none of these. There's a suggestion that we use the password ("what you know"). But the problem is this...</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">It's necessary to use AT LEAST TWO of these factors to validate the identity.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">That's why your bank will send you a unique one-time PIN code to your registered phone or email address... as it forces 2-factor authentication.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">My point here is... chasing after the password requirement to solve this problem is a "fool's errand." It can't solve the problem.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Coded solution? The next question I have is this...</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Is it possible to add code to the DX clusters that prevent spots for the same DX station by the same spotter on the same frequency for a duration of time? Spotted once... ignored for 60 minutes (if same DX call and frequency) or something like that.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Mike, WA9PIE</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Sun, Feb 16, 2025 at 10:56 AM Mikel EA2CW via Dxspider-support <<a href="mailto:dxspider-support@tobit.co.uk">dxspider-support@tobit.co.uk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
:-/<br>
Here both DXspider and CC-cluster servers are still running, but cc is <br>
sending spots with a delay of 3-5 minutes ( I am running spider on a <br>
temporary server, as I managed to brake the usual one after trying of <br>
update debian 11 to 12, and still recovering...)<br>
<br>
Well, this is the beauty of not asking for passwords, no registering, no <br>
IP registering, developing faulty client applications and webclusters <br>
sending spots without usr/pwd need... A sum of all these has driven us <br>
to this more than predictable situation. I believed that it would <br>
explode during some major DXpedition, but I was wrong. :-/<br>
<br>
By the way, I've seen that RBN sent 3,5 million spots yesterday <br>
(<a href="https://sm7iun.se/rbn/analytics/" rel="noreferrer" target="_blank">https://sm7iun.se/rbn/analytics/</a>) So, in fact, all this attacks have <br>
little or no impact on the contesters if they are using rbn spots only. <br>
I am not sure about how many spots were sent by hand (human) yesterday, <br>
but probably much more less than these 3.5 M. So, if we don't care about <br>
our cluster net, big/medium contesters will leave it back.<br>
<br>
73 de Mikel EA2CW<br>
<br>
El 16/2/25 a las 14:11, <a href="mailto:dxspider-support-request@tobit.co.uk" target="_blank">dxspider-support-request@tobit.co.uk</a> escribió:<br>
> Send Dxspider-support mailing list submissions to<br>
> <a href="mailto:dxspider-support@tobit.co.uk" target="_blank">dxspider-support@tobit.co.uk</a><br>
> <br>
> To subscribe or unsubscribe via the World Wide Web, visit<br>
> <a href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support" rel="noreferrer" target="_blank">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a><br>
> or, via email, send a message with subject or body 'help' to<br>
> <a href="mailto:dxspider-support-request@tobit.co.uk" target="_blank">dxspider-support-request@tobit.co.uk</a><br>
> <br>
> You can reach the person managing the list at<br>
> <a href="mailto:dxspider-support-owner@tobit.co.uk" target="_blank">dxspider-support-owner@tobit.co.uk</a><br>
> <br>
> When replying, please edit your Subject line so it is more specific<br>
> than "Re: Contents of Dxspider-support digest..."<br>
> <br>
> <br>
> Today's Topics:<br>
> <br>
> 1. Re: Here we are again (huge flooding) (Jose P?rez)<br>
> <br>
> <br>
> _______________________________________________<br>
> Dxspider-support mailing list<br>
> <a href="mailto:Dxspider-support@tobit.co.uk" target="_blank">Dxspider-support@tobit.co.uk</a><br>
> <a href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support" rel="noreferrer" target="_blank">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a><br>
<br>
-- <br>
73 de Mikel Berrocal EA2CW-AE2CW<br>
Bilbao, Basque Country<br>
<a href="mailto:ea2cw@gautxori.com" target="_blank">ea2cw@gautxori.com</a><br>
<a href="https://www.ea2cw.eus" rel="noreferrer" target="_blank">https://www.ea2cw.eus</a><br>
<br>
<br>
_______________________________________________<br>
Dxspider-support mailing list<br>
<a href="mailto:Dxspider-support@tobit.co.uk" target="_blank">Dxspider-support@tobit.co.uk</a><br>
<a href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support" rel="noreferrer" target="_blank">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a><br>
</blockquote></div>