Bots or something

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
whoisstuff
Forum Newbie
Posts: 2
Joined: Wed May 06, 2009 1:43 pm

Bots or something

Post by whoisstuff »

Hi,

I have a small site that has some whois toolshttp://www.whoisstuff.net. Its been a bit of aproject learn some php coding, but seem to be abused by a bot or something.

Basically, I have a SQL dbase which keeps search history of the domains name lookups. I used session and referrer to see who is dong what. But noticed that quite a few entries have neither a session or a referrer in the db. Also, the look ups are about a second apart, so I presume someone is using a bot to run these scripts.

I put in a little bit of code that check just before submitting the insert query to check if there is a session and referrer and if not to exit the script, however, there are still submissions.

Any idea how someone could be bypassing this? I tested it with cURL, but this always creates a sesison and reffered.

Stumped, please help.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Bots or something

Post by John Cartwright »

Your checks for a valid session and/or referer sound like their are flawed. I would suggest posting your code and we can offer suggestions from there.
whoisstuff
Forum Newbie
Posts: 2
Joined: Wed May 06, 2009 1:43 pm

Re: Bots or something

Post by whoisstuff »

Code: Select all

$sessionid = session_id();
    if (!isset($sessionid)) {
        echo "Hmm, what is going on here?";
        exit();
    }
Well it is just something simple. As I mentioned I am a bit of a newbie.
Last edited by Benjamin on Fri May 08, 2009 4:51 pm, edited 1 time in total.
Reason: Changed code type from text to php.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Bots or something

Post by John Cartwright »

Your checking if the variable is not set, although you are setting it in the previous line. Instead of !isset(), use empty() instead.

Also make sure you have called session_start() before using any of the session functions.
Post Reply