
Webmaster General Forum

Best Way to Deal with Bad Bots
spam bot prevention

5+ Year Member

Msg#: 4615458 posted 9:23 pm on Oct 8, 2013 (gmt 0)

I have a webform on my website that allows people to submit information to my database. At the moment, the webform has no protection.

What risks am I facing as a result of not having any protection? Is it just spam bots, or are there other risks?

And what's the best way to deal with the different risks?

I am aware that I can prevent bad bots from accessing my website by using mod_rewrite, and that I can stop bad bots from submitting information to my database by using a CAPTCHA. Are these the best methods of protection?



phranque (WebmasterWorld Administrator, 10+ Year Member)

Msg#: 4615458 posted 1:18 am on Oct 10, 2013 (gmt 0)

The script that handles your form's POST request should scrub and validate all data before using it in a db INSERT or UPDATE.


5+ Year Member

Msg#: 4615458 posted 11:50 pm on Oct 11, 2013 (gmt 0)

Thanks, Phranque.

Okay, I have learnt about the following risks:

XSS injections
SQL injections

To prevent XSS injections, I have used htmlentities() and strip_tags() wherever appropriate.

To protect against SQL injections, I have used mysql_real_escape_string().

To protect against spambots, I have used two security measures:

1) My form takes note of the time that it loads and compares it with the time that it is submitted. If less than ten seconds, the submission fails because the submission was probably made by a spambot.

2) I have added a hidden text field to my form. It's hidden by display: none. The field is called "email". If the field is populated, the submission fails because it was probably made by a spambot.

I will, of course, also ban spambots by IP address, something which I am trying to learn now.

Can you guys think of any other database security and maintenance measures?

I guess I should also back up my database every day or something.

Anything else?
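
The two spambot checks and the injection defences described in the post above, as an added example that is not part of the original thread. It uses PDO prepared statements in place of mysql_real_escape_string() (the mysql_* extension was removed in PHP 7) and signs the form-load time with an HMAC so the client cannot alter it; FORM_KEY, the function names, the `token` field and the `comments` table are assumptions.

```php
<?php
// Added example; FORM_KEY, the function names and the comments table are hypothetical.
const FORM_KEY = 'replace-with-a-random-secret';   // constructed placeholder secret
const MIN_SECONDS = 10;                            // threshold from the post

// Called when rendering the form: load time plus HMAC, sent as a hidden "token" field.
function issue_form_token(int $now): string {
    return $now . ':' . hash_hmac('sha256', (string)$now, FORM_KEY);
}

// Returns null if the submission passes both bot checks, otherwise the reason it failed.
function check_submission(array $post, int $now): ?string {
    if (($post['email'] ?? '') !== '') { return 'honeypot field filled'; }
    $parts = explode(':', (string)($post['token'] ?? ''), 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])
        || !hash_equals(hash_hmac('sha256', $parts[0], FORM_KEY), $parts[1])) {
        return 'missing or forged timestamp';
    }
    if ($now - (int)$parts[0] < MIN_SECONDS) { return 'submitted too quickly'; }
    return null;
}

// Store the raw text with a bound parameter; the value never becomes part of the SQL text.
function save_comment(PDO $db, string $body): void {
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
}

// Constructed demo: in-memory SQLite and three sample submissions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');
$loaded = 1381267380;   // constructed form-load time
$samples = [
    ['email' => 'bot@example.com', 'token' => issue_form_token($loaded), 'body' => 'spam'],
    ['email' => '', 'token' => $loaded . ':forged', 'body' => 'spam'],
    ['email' => '', 'token' => issue_form_token($loaded), 'body' => "O'Brien says <b>hi</b>"],
];
foreach ($samples as $i => $post) {
    $now = $loaded + ($i === 2 ? 45 : 2);   // only the last sample waits long enough
    $reason = check_submission($post, $now);
    if ($reason === null) { save_comment($db, $post['body']); }
    echo "sample $i: ", $reason ?? 'accepted', PHP_EOL;
}
// Escape for the HTML context at output time, not before storage.
foreach ($db->query('SELECT body FROM comments') as $row) {
    echo htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

A signed timestamp can still be replayed, so a maximum token age or a single-use check would be the next step.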


10+ Year Member

Msg#: 4615458 posted 2:25 am on Oct 24, 2013 (gmt 0)

I use an extension on my Joomla sites that does a great job of killing attempted SQL injections, poisoned null attacks etc. The cost is very reasonable and it's easy to configure.

One additional advantage is that a lot of the crud that would normally get submitted gets whacked by the extension. It will, on occasion, kill a good guy but the cost benefit makes it worth it.

