Hi,
I have a small site that has some whois toolshttp://www.whoisstuff.net. Its been a bit of aproject learn some php coding, but seem to be abused by a bot or something.
Basically, I have a SQL dbase which keeps search history of the domains name lookups. I used session and referrer to see who is dong what. But noticed that quite a few entries have neither a session or a referrer in the db. Also, the look ups are about a second apart, so I presume someone is using a bot to run these scripts.
I put in a little bit of code that check just before submitting the insert query to check if there is a session and referrer and if not to exit the script, however, there are still submissions.
Any idea how someone could be bypassing this? I tested it with cURL, but this always creates a sesison and reffered.
Stumped, please help.
Bots or something
Moderator: General Moderators
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Re: Bots or something
Your checks for a valid session and/or referer sound like their are flawed. I would suggest posting your code and we can offer suggestions from there.
-
whoisstuff
- Forum Newbie
- Posts: 2
- Joined: Wed May 06, 2009 1:43 pm
Re: Bots or something
Code: Select all
$sessionid = session_id();
if (!isset($sessionid)) {
echo "Hmm, what is going on here?";
exit();
}
Last edited by Benjamin on Fri May 08, 2009 4:51 pm, edited 1 time in total.
Reason: Changed code type from text to php.
Reason: Changed code type from text to php.
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Re: Bots or something
Your checking if the variable is not set, although you are setting it in the previous line. Instead of !isset(), use empty() instead.
Also make sure you have called session_start() before using any of the session functions.
Also make sure you have called session_start() before using any of the session functions.