Moderators: brotherhood of lan & mack

New To Web Development Forum

    
Security against robots entering a site
What is the nature of the threat?
ibQuixote




msg:3550076
 8:48 pm on Jan 16, 2008 (gmt 0)

Hi,

I'm creating a site where people will log in and build a profile. Then they can share the profile with select others. Users will need to register, but the info they enter isn't particularly sensitive.

What I'm concerned about is: can/will malicious robots enter the site and wreak havoc with the databases?

In the past years, I've started to see those "systems" where a person has to type in a code (which is shown on an image unreadable to the robots) for entry to the site. Would anybody recommend I use these, and if so are there any recommendations on best practices?

Many Thanks!

 

surrealillusions




msg:3550085
 9:08 pm on Jan 16, 2008 (gmt 0)

Taking preventative measures in forms that deal with the databases, to prevent an SQL injection and the like, would be a good place to start off.

You can prevent search engine spiders and robots from accessing certain areas on your site by using the robots.txt file; however, I would have thought any knowledgeable hacker would find a way to ignore that file so they can spider their way through the entire site.

Can you restrict certain areas with a password? The user has to log in to access some areas where the info is displayed, so the bots can't get through? You can implement a captcha on the form too to help prevent bots getting through.

Hope that helps

:)

thecoalman




msg:3550439
 9:43 am on Jan 17, 2008 (gmt 0)

If you're simply worried about a bot entering data, i.e. adding spam links: if it's a proprietary page, chances are they probably won't bother, as they won't recognize what it is. They are designed to attack specific installations on a large scale; for example, you have millions of phpBB forums installed worldwide and every forum has the same captcha system. Therefore if you can break one you can break them all (assuming the site admin hasn't taken precautions to prevent this). Same goes for large sites like Yahoo where you would sign up; they are looking for sites/pages that can easily be circumvented.

To prevent this on individual custom pages, or even more vulnerable things like a forum, creating a unique captcha such as a question is probably your best bet. Example: Have some text highlighted somewhere on the page and ask them to type in the highlighted text to validate that it's a human and not a bot. Simple but very effective: first, bots don't answer questions (at least not yet); secondly, this question can be unique on every site. Best part about that is it gets rid of the hardly legible image and is quite accessible to anyone.
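The "type the highlighted text" check described in the post above, sketched server-side as an added example that is not part of the original thread: the expected word is bound to a signed, expiring, single-attempt token so the form's hidden field never reveals the answer. The names `issue_challenge`, `verify_challenge`, `SECRET_KEY` and the word list are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-site secret that never leaves the server
WORDS = ["harbor", "lantern", "maple", "quartz", "violin"]  # constructed sample words
MAX_AGE = 600   # seconds a challenge stays valid
_spent = set()  # nonces already answered; keep in a shared store and prune after MAX_AGE


def _mac(*parts):
    msg = "|".join(str(p) for p in parts).encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(now=None):
    """Return (word, token): highlight the word on the page, put the token in a hidden field."""
    issued = int(time.time() if now is None else now)
    word = secrets.choice(WORDS)
    nonce = secrets.token_hex(8)
    # The token authenticates itself (tag) and binds the expected word (sig) without revealing it.
    token = ":".join([str(issued), nonce, _mac("tag", issued, nonce),
                      _mac("word", word, issued, nonce)])
    return word, token


def verify_challenge(answer, token, now=None):
    """Accept one attempt per token: fresh, server-issued, answered with the highlighted word."""
    now = int(time.time() if now is None else now)
    try:
        issued_s, nonce, tag, sig = token.split(":")
        issued = int(issued_s)
    except (AttributeError, ValueError):
        return False
    if not hmac.compare_digest(_mac("tag", issued, nonce).encode(), tag.encode()):
        return False  # not a token this server issued
    if nonce in _spent or not 0 <= now - issued <= MAX_AGE:
        return False  # replayed or expired
    _spent.add(nonce)  # burn the token before checking the answer, so it cannot be retried
    expected = _mac("word", answer.strip().lower(), issued, nonce)
    return hmac.compare_digest(expected.encode(), sig.encode())
```

A visitor who mistypes the word has to be served a fresh challenge, since each token allows only one attempt.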

ibQuixote




msg:3550828
 5:12 pm on Jan 17, 2008 (gmt 0)

Thanks for that. I definitely feel more comfortable about it now.
