Captcha appears to be useless, at least for Drupal. Antikoan.net has just been DOS'd for three hours (again, bringing down email as well as the website and site control panel). So apparently when you have 1300 (that's one thousand three hundred) "users" trying to post comments in a short timespan, it doesn't matter that they're not getting to actually submit the comments.

(I thought at first it was just another DNS failure -- I've had about six DNS failures since I moved to my current hosting provider. But then Peggy told me she'd seen 1300 "visitors" listed in the "Who's Online" block before the site went down.)

It also seems to be the case that capcha insertion doesn't prevent SQL writes in Drupal. That makes it pretty much useless for foiling DOS-attacks (in Drupal, at least).

Finally, at least four anonymous comment spams got through last night. So either the spambots have captcha-defeating code (odd that they'd have built that into a Drupal-attacking spambot...), or Captcha breaks stuff, as Peggy and Lynne have been reporting to me.

I have a few other things I can try, but they require some development. I could be able to implement it as a module, but it would be easier as a hack. Simpler, too. More another time...

Addendum: The site has been down twice more today, both times preceded by thousands of attempts to comment-spam. It seems that just hitting and submitting the "reply" page a few thousand times in a short time frame is sufficient to crash my site. I've turned caching back on, and there's a remote chance that might help, but if it's the reply validation that's killing the server then it won't help much. I'll just have to wait for the MoFos to get tired of attacking me.