Guestbook hacked by bots?!

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

jaccrock
Forum Newbie
Posts: 17
Joined: Wed May 17, 2006 1:05 pm

Guestbook hacked by bots?!

Post by jaccrock »

Hi,

I am an intermediate PHP programmer working on a site for my friend and while I am still putting everything together my guestbook has been getting hit with junk. I assume it is coming from some type of bot that looks to fill out forms.

The annoying part is I had already created a security image that generates random letters for each page refresh. The letters are stored in a PHP Session so... the user shouldn't have access to the security answer.

PLEASE, PLEASE take a look and let me know what I can do!

link removed

Thank you,
Jac
TheMoose
Forum Contributor
Posts: 351
Joined: Tue May 23, 2006 10:42 am

Post by TheMoose »

Use a better CAPTCHA generator. That one doesn't have enough noise to prevent bots from using OCR to see the text. Or use a human CAPTCHA (such as a math captcha).
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

damn! that's a lot of porn!
jaccrock
Forum Newbie
Posts: 17
Joined: Wed May 17, 2006 1:05 pm

Post by jaccrock »

Thanks for the quick reply!

I'll look into adding more noise. I'm not familiar with CAPTCHA. Can I get you to explain it briefly? Or better yet, I'll google it.

Thanks again!
TheMoose
Forum Contributor
Posts: 351
Joined: Tue May 23, 2006 10:42 am

Post by TheMoose »

jaccrock wrote: Thanks for the quick reply!

I'll look into adding more noise. I'm not familiar with CAPTCHA. Can I get you to explain it briefly? Or better yet, I'll google it.

Thanks again!

CAPTCHA is the "random image" generator you put on your form. Its goal is to prevent bots from accessing/posting to forms. Noise doesn't necessarily have to be lines and squiggles all over the image; it can be skewing the text, rotating it slightly, cutting it into pieces (but keeping them organized so that the human eye can still see it), etc.
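
The math CAPTCHA suggested earlier in the thread, with the answer kept in the PHP session as the original poster describes, shown as an added example that is not part of any post. The function names, the `captcha_answer` session key and the form fields are assumptions; the stored answer is discarded on every attempt so a solved challenge cannot be replayed.

```php
<?php
declare(strict_types=1);

session_start();

/** Create a new challenge; only the answer is stored, and only server-side. */
function captcha_new(): string
{
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $_SESSION['captcha_answer'] = (string) ($a + $b); // hypothetical session key
    return "What is $a + $b?";
}

/** Check a submitted answer. The stored answer is single use, right or wrong. */
function captcha_check(string $submitted): bool
{
    $expected = $_SESSION['captcha_answer'] ?? null;
    unset($_SESSION['captcha_answer']); // a second POST needs a fresh challenge
    if ($expected === null) {
        return false; // no challenge was issued for this session
    }
    return hash_equals($expected, trim($submitted));
}

$notice = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $answer = $_POST['captcha'] ?? '';
    // is_string() rejects array input such as captcha[]=1
    if (is_string($answer) && captcha_check($answer)) {
        // Save the guestbook entry here (storage is outside this example).
        $notice = 'Thanks, your entry was accepted.';
    } else {
        $notice = 'Wrong answer, please try again.';
    }
}
$question = captcha_new(); // new question on every page load
?>
<form method="post">
  <p><?= htmlspecialchars($notice, ENT_QUOTES, 'UTF-8') ?></p>
  <textarea name="message"></textarea>
  <label><?= htmlspecialchars($question, ENT_QUOTES, 'UTF-8') ?>
    <input name="captcha" autocomplete="off"></label>
  <button type="submit">Sign guestbook</button>
</form>
```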