stackoom
  简体   繁体   中英

How can I prevent such automated attack on websites?

 原文  2012-05-19 09:14:24       php/ mysql

Question

I notice that this email address graceamsalu10@yahoo.com compromised my site and sent a message (not email, it used the site's message app) to every member on the site. It registered and activated it's membership through email. I ran a google search on the email and all the results on the first page was showing others websites that the same email address sent exactly the same message that it sent to members on my site.

  • Please has anyone encountered this attack before?

  • and what are the ways I could use to prevent further similar attack on my sites? Thank you.

My website was developed with PHP and MYSQL

4 answers

solution1
 8 ACCPTED  2012-05-19 09:16:21

Use google catpcha. Even human sometimes are not able to understand it ;) http://www.google.com/recaptcha

Also it is good practice nowadays to confirm registration by sms. Some services provide this for free! (they add little ads in the text). Works perfectly.

After this step you can implement a ban system.. and it will be much harder to create fake accounts to do bad things on your website.

solution2
 2  2012-05-19 09:24:43

You can try some things ...

a. check the referrer on form posts, and deny posts from other urls ( if form posted from your website or remote script )

b. use captcha images (i really don't like it)

c. limit daily user posts per account or minute

hope this to help you

solution3
 2  2012-05-19 09:29:25

Captcha is one thing among many others, but one that added to captcha will keep them away mostly: register for each message sent in the database the unix time for that user, set a value for $timeBetweenMessages for example to 60 (seconds) and each time someone wants to send a message if $timeBetweenMessages has not passed then they need to wait. Usualy all "hackers" look for a way to do things fast and leave, no sane "hacker" will stay on your web site to send messages every $timeBetweenMessages intervals.

solution4
 1  2012-05-19 09:23:39

If you want to spare your regular users the CAPTCHA hassle, you can use a service like Mollom or Akismet to check the messages and postings for spammy content before they are sent. Both services offer PHP libraries.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can i prevent an XSS attack by using a session? How do i Prevent remote file inclusion attack from php? How to prevent automated request? Why is this a XSS attack and how to prevent this? How to prevent automated AJAX attacks How to prevent XSS attack with Zend Form using % How to prevent XSS attack (php/pdo) How to prevent DDoS attack on sms account verification How to filter out this bot / prevent this “attack”? How to prevent XSS attack in my function?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM