
Bots or something

Posted: Wed May 06, 2009 2:06 pm
by whoisstuff
Hi,

I have a small site that has some whois tools, http://www.whoisstuff.net. It's been a bit of a project to learn some PHP coding, but it seems to be abused by a bot or something.

Basically, I have a SQL dbase which keeps search history of the domain name lookups. I used session and referrer to see who is doing what. But I noticed that quite a few entries have neither a session nor a referrer in the db. Also, the lookups are about a second apart, so I presume someone is using a bot to run these scripts.

I put in a little bit of code that checks, just before submitting the insert query, whether there is a session and referrer, and if not exits the script; however, there are still submissions.

Any idea how someone could be bypassing this? I tested it with cURL, but this always creates a session and referrer.

Stumped, please help.

Re: Bots or something

Posted: Wed May 06, 2009 5:07 pm
by John Cartwright
Your checks for a valid session and/or referer sound like they are flawed. I would suggest posting your code, and we can offer suggestions from there.

Re: Bots or something

Posted: Fri May 08, 2009 4:38 pm
by whoisstuff

Code:

$sessionid = session_id();
if (!isset($sessionid)) {
    echo "Hmm, what is going on here?";
    exit();
}

Well it is just something simple. As I mentioned I am a bit of a newbie.

Re: Bots or something

Posted: Fri May 08, 2009 4:44 pm
by John Cartwright
You're checking if the variable is not set, although you are setting it in the previous line. Instead of !isset(), use empty().

Also make sure you have called session_start() before using any of the session functions.
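
The checks discussed in this thread, compared on constructed requests. This is an added example, not code from the thread; the function names, the 'form_token' session key and the 'token' POST field are hypothetical, and the token check is an assumption that goes one step beyond the advice above.

```php
<?php
// Added example, not code from the thread. Function names, the
// 'form_token' session key and the 'token' POST field are hypothetical.

// The posted check: $sessionid was assigned on the previous line, so isset()
// is true even when session_id() returned "" (no session started).
function posted_check_passes(string $sessionid): bool
{
    return isset($sessionid);
}

// The check suggested in the reply: empty() rejects the "" case.
function empty_check_passes(string $sessionid): bool
{
    return !empty($sessionid);
}

// Assumption beyond the thread: once session_start() runs, every client gets
// a non-empty id, so require a value the form page stored in the session.
function token_check_passes(array $session, array $post): bool
{
    if (empty($session['form_token']) || !isset($post['token']) || !is_string($post['token'])) {
        return false;
    }
    return hash_equals($session['form_token'], $post['token']);
}

// Constructed requests: [label, session_id() value, $_SESSION, $_POST]
$token = bin2hex(random_bytes(16));
$requests = [
    ['script, session never started', '', [], []],
    ['script, fresh session, no form visit', 'constructedid1', [], ['domain' => 'example.com']],
    ['browser, loaded form then submitted', 'constructedid2', ['form_token' => $token], ['token' => $token]],
];

foreach ($requests as [$label, $sid, $session, $post]) {
    printf("%-40s posted=%s empty=%s token=%s\n", $label,
        var_export(posted_check_passes($sid), true),
        var_export(empty_check_passes($sid), true),
        var_export(token_check_passes($session, $post), true));
}
```

The Referer header is supplied by the client, so it can be logged but should not be the only gate in front of the insert query.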