Prevent spam bots on the site?

We have a problem on one of our rather large sites with spam bots. The bots seem to create user accounts and then publish journal entries that lead to various spam links.

It seems that they somehow circumvent our captcha - either it was hacked or they use another method to create accounts.

We want to activate email for accounts, but we are a week away from implementing such changes (due to busy schedules).

However, I don’t feel that this will be enough if they use an SQL exploit somewhere on the site and execute the entire script. So my question to you is:

If they use some kind of XSS exploit, how do we find it? I defend claims where I can, but, again, it's a rather large site, and it will take me a while to actively clear SQL queries to prevent XSS. Can you recommend something to help our situation?

+3
3 answers

1) As mentioned above, reCAPTCHA is a good start.

2) Akismet - . , WordPress , . . API API . ( PHP-, ). , , .

3) , , , , . , , , .

+3

, - Akismet, :

  • Akismet ;
  • , -;
  • , , , - ;
  • , , -?
+2

- script, . POST "" : , , . GET XSS .

, /. , , . , .

If your user account tables do not have any creation timestamp, add one, and have it created by the server, not by your user scripts. That way, you can narrow the time period for scanning logs for bot activity and see what they do. And if nothing else, you can block the IP addresses from which the bots are sent.

+1
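
The log-narrowing step from the last answer, as an added example that is not part of the original thread: it matches server-side account creation times against POST requests in an access log and lists the IPs behind several new accounts. The account names, the `/register` and `/journal/new` paths, the log lines and the 5-second window are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample data: server-generated creation times (UTC) per account.
ACCOUNTS = {
    "alice": "2024-05-01 10:00:05",
    "xk3q9": "2024-05-01 10:02:11",
    "zz81p": "2024-05-01 10:02:40",
    "qv77m": "2024-05-01 10:03:02",
}
# Constructed access log in the common "combined" format; paths are hypothetical.
LOG = """\
198.51.100.7 - - [01/May/2024:10:00:04 +0000] "POST /register HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [01/May/2024:10:02:10 +0000] "POST /register HTTP/1.1" 302 0 "-" "python-requests/2.31"
192.0.2.44 - - [01/May/2024:10:02:11 +0000] "GET /register HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.9 - - [01/May/2024:10:02:12 +0000] "POST /journal/new HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.9 - - [01/May/2024:10:02:39 +0000] "POST /register HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.9 - - [01/May/2024:10:03:01 +0000] "POST /register HTTP/1.1" 302 0 "-" "python-requests/2.31"
"""
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse(log):
    """Yield (ip, timestamp, method, path) for every parsable log line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ip, ts, method, path = m.groups()
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path

def suspects(accounts, log, window=timedelta(seconds=5), threshold=2):
    """Return {ip: [accounts]} for IPs that sent a POST within `window`
    of at least `threshold` different account creations."""
    posts = [(ip, ts) for ip, ts, method, _ in parse(log) if method == "POST"]
    hits = defaultdict(set)
    for user, created in accounts.items():
        t = datetime.strptime(created, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        for ip, ts in posts:
            if abs(ts - t) <= window:
                hits[ip].add(user)
    return {ip: sorted(users) for ip, users in hits.items() if len(users) >= threshold}

if __name__ == "__main__":
    for ip, users in suspects(ACCOUNTS, LOG).items():
        print(ip, "created", users)
```

The same per-IP grouping also shows which other requests those addresses made around each signup, which is where a captcha bypass would show up.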

Source: https://habr.com/ru/post/1736670/

