Page 1 of 1

Guestbook hacked by bots?!

Posted: Tue Aug 07, 2007 2:04 pm
by jaccrock
Hi,

I am an intermediate PHP programmer working on a site for my friend and while I am still putting everything together my guestbook has been getting hit with junk. I assume it is coming from some type of bot that looks to fill out forms.

The annoying part is I had already created a security image that generates random letters for each page refresh. The letters are stored in a PHP Session so... the user shouldn't have access to the security answer.

PLEASE, PLEASE take a look at let me know what I can do!

link removed

Thank you,
Jac

Posted: Tue Aug 07, 2007 2:15 pm
by TheMoose
Use a better CAPTCHA generator. That one doesn't have enough noise to prevent bots from using OCR to see the text. Or use a human CAPTCHA (such as a math captcha).

Posted: Tue Aug 07, 2007 2:27 pm
by Luke
damn! that's a lot of porn!

Posted: Tue Aug 07, 2007 2:32 pm
by jaccrock
Thanks for the quick reply!

I'll look into adding more noise. I'm not familiar with CAPTCHA. Can I get you to explain it briefly? or better yet I'll google it.

Thanks again!

Posted: Tue Aug 07, 2007 2:37 pm
by TheMoose
jaccrock wrote:Thanks for the quick reply!

I'll look into adding more noise. I'm not familiar with CAPTCHA. Can I get you to explain it briefly? or better yet I'll google it.

Thanks again!
CAPTCHA is the "random image" generator you put on your form. It's goal is to prevent bots from accessing/posting to forms. Noise doesn't have to be necessary lines and squiggly's all over the image, it can be skewing the text, rotating it slightly, cutting it into pieces (but keeping them organized so that the human eye can still see it), etc.