Re: curl attack prevention



Hello,

on 01/30/2008 09:13 AM K. said the following:
Hello all!

Can you write me some code which lets me sleep calmly during the night,
and what should I do to prevent some attackers from using the curl function?

In Poland there is a big portal which became famous, and some attackers
attacked it by using the curl function and got all data about users.

Can you write me what I should do to prevent my portal from such an attack?

Maybe session id regeneration is one of the things which I should apply after
a new login?

I don't think session regeneration will prevent any user from automating
the login access with Curl or any kind of HTTP client that emulates a
browser.

I think a good CAPTCHA solution in the user contact pages, or the login
form page, and probably making it also appear once in a while, would make
the hackers' life more difficult, if possible at all.

Some time ago I had to start using CAPTCHA to protect the author contact
pages, and also to avoid excessive load caused by people that use site
mirroring tools. I wrote about it here:

http://www.phpclasses.org/blog/post/43-Site-growing-pains.html


Here you may find several CAPTCHA solutions that you may want to try.
Some are very nifty, and they use sophisticated animated or Flash CAPTCHAs.

http://www.phpclasses.org/searchtag/CAPTCHA/by/package/tag/CAPTCHA/

--

Regards,
Manuel Lemos

PHP professionals looking for PHP jobs
http://www.phpclasses.org/professionals/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
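An added example, not code from the thread or from phpclasses.org, of the two points raised above: regenerating the session id after login (which closes session fixation but, as Manuel says, does not stop a scripted client) and counting requests per client so that a CAPTCHA is demanded only once a client exceeds a threshold. The store path, the client key and the helpers show_captcha_form() and check_credentials() are assumptions.

```php
<?php
// Added example: per-client request counter that triggers a CAPTCHA above a
// threshold, plus session id regeneration after a successful login.
const WINDOW_SECONDS = 60;   // fixed window length
const FREE_REQUESTS  = 30;   // requests per window before a CAPTCHA is required
const STORE = '/tmp/rate_limit.json';   // constructed path, adjust for deployment

// Count requests for $client_key in the current window under an exclusive
// lock; returns true once the client has gone over FREE_REQUESTS.
function over_limit(string $client_key, int $now): bool {
    $fh = fopen(STORE, 'c+');            // create if missing, never truncate on open
    flock($fh, LOCK_EX);
    $data  = json_decode(stream_get_contents($fh), true) ?: [];
    $entry = $data[$client_key] ?? ['start' => $now, 'count' => 0];
    if ($now - $entry['start'] >= WINDOW_SECONDS) {
        $entry = ['start' => $now, 'count' => 0];   // window expired, start over
    }
    $entry['count']++;
    $data[$client_key] = $entry;
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($data));
    flock($fh, LOCK_UN);
    fclose($fh);
    return $entry['count'] > FREE_REQUESTS;
}

session_start();
// Keying on the remote address is an assumption: behind a reverse proxy use the
// trusted forwarded header, and note that many clients may share one address.
$client = $_SERVER['REMOTE_ADDR'] ?? 'unknown';

if (over_limit($client, time()) && empty($_SESSION['captcha_passed'])) {
    // Hypothetical helper: renders the challenge; on a correct answer the
    // handler sets $_SESSION['captcha_passed'] so the prompt appears only once.
    http_response_code(429);
    show_captcha_form();
    exit;
}

// Hypothetical check_credentials(): only after the password has been verified.
if (isset($_POST['user'], $_POST['pass'])
    && check_credentials($_POST['user'], $_POST['pass'])) {
    // New session id on privilege change; this is about fixation, not scraping.
    session_regenerate_id(true);
    $_SESSION['user'] = $_POST['user'];
}
```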