Posted by Manuel Lemos on 01/30/08 23:35
Hello,

on 01/30/2008 09:13 AM K. said the following:
> Hello all!
>
> Can you write me some code which lets me sleep calmly during the night
> and what should I do to prevent some attackers from using the curl function?
>
> In Poland there is a big portal which became famous and some attackers
> attacked it by using the curl function and got all data about users.
>
> Can you write me what I should do to protect my portal from such an attack?
>
> Maybe session id regenerating is one of the things which I should apply after
> a new login?

I don't think session regeneration will prevent any user from automating
the login access with Curl or any kind of HTTP client that emulates a
browser.

I think a good CAPTCHA solution in the user contact pages, or the login
form page, and probably making it also appear once in a while, would make
the hackers' life more difficult, if possible at all.

Some time ago I had to start using CAPTCHA to protect the author contact
pages, and also to avoid excessive load caused by people that use site
mirroring tools. I wrote about it here:

http://www.phpclasses.org/blog/post/43-Site-growing-pains.html

Here you may find several CAPTCHA solutions that you may want to try.
Some are very nifty, and they use sophisticated animated or Flash CAPTCHAs.

http://www.phpclasses.org/searchtag/CAPTCHA/by/package/tag/CAPTCHA/
--
Regards,
Manuel Lemos
PHP professionals looking for PHP jobs
http://www.phpclasses.org/professionals/
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
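
An added example, not part of the original post: one way to decide when a CAPTCHA is shown on the login and contact forms and "once in a while" elsewhere, as suggested above. The function names, page names, state keys and the threshold of 20 views are assumptions made for this illustration; the CAPTCHA itself would come from one of the packages linked in the reply.

```php
<?php
// Added illustration. $state is the per-visitor record. Store it server-side,
// keyed by client address or account as well as by session, because an
// automated HTTP client can simply discard its session cookie.

const PROTECTED_PAGES = ['login', 'contact'];   // assumed page names
const VIEWS_BETWEEN_CHALLENGES = 20;            // assumed threshold

// True when the visitor must solve a CAPTCHA before $page is processed.
function captcha_required(array $state, string $page): bool
{
    if (in_array($page, PROTECTED_PAGES, true)) {
        // Fails closed: a visitor with no state at all is challenged.
        return empty($state['solved_unused']);
    }
    // Other pages: challenge again after a number of unchallenged views.
    return ($state['views'] ?? 0) >= VIEWS_BETWEEN_CHALLENGES;
}

// Call once the CAPTCHA answer has been verified.
function after_captcha_solved(array $state): array
{
    $state['solved_unused'] = true;
    $state['views'] = 0;
    return $state;
}

// Call after the request has been served.
function after_request(array $state, string $page): array
{
    if (in_array($page, PROTECTED_PAGES, true)) {
        $state['solved_unused'] = false;  // one solve covers one submission
    }
    $state['views'] = ($state['views'] ?? 0) + 1;
    return $state;
}

// Constructed walk-through: 21 article views followed by two login attempts.
$state = [];
$pages = array_merge(array_fill(0, 21, 'article'), ['login', 'login']);
foreach ($pages as $i => $page) {
    if (captcha_required($state, $page)) {
        echo "request $i ($page): CAPTCHA shown\n";
        $state = after_captcha_solved($state);  // assume the visitor solves it
    }
    $state = after_request($state, $page);
}
```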