I guess I'm confused at what the referrer check is trying to attempt. Don't the scripts check to see if the 'entity' trying to post is logged in with a valid user ID and password? Isn't that enough to quell spammers?
Stress the system until it breaks. Hey.. it works for Spacecraft.. why not here?
