Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
R
R
RigidStyle2019-11-18 22:27:39
Information Security
RigidStyle, 2019-11-18 22:27:39

How to protect the site from bots and machines?

Hello.
How to protect the site from bots and machines?
Basic protection methods usually do not cope. They only nightmare real people.
For example, captchas during registration (even Google captcha) do not work, there are services that solve captchas for a penny. They are not profitable for a brute, but if someone needs to make several tens of thousands of spam accounts, captcha will not stop him. The same applies to limiting registrations from one IP address, this will only make users nightmare, but will not interfere with the villains.
Also, automated control systems (such as, for example, the mass liking system on the same Instagram). How to protect yourself from them? Set a limit on the maximum number of actions per unit of time - just set a delay and the system works. Blocking access from another device - bypassed, but annoying for real users. Etc.
Are there any advanced protection methods that cannot be bypassed? Or in order to get around them, you need to make so much effort that this is not comparable with the profit.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

5 answer(s)
Report
X
xmoonlight, 2019-11-19
@RigidStyle

Button-image "Fill the form" and on click - form generation in JS.
More complicated: Change field names just before submitting data via AJAX.
Or create a behavioral filter.
(otherwise - only captcha)

Report
A
Antonio Solo, 2019-11-19
@solotony

if bots lead to DOS, then solutions from cloudflare, etc.
if it's just a fight against spam registrations - then fine field validation, honeypot
if they parse you specifically - then you need to look at their bot, fight specifically with it

Report
S
SEOD, 2019-11-18
@SEOVirus

Block the same type of action that is repeated too often

Report
D
Dimonchik, 2019-11-19
@dimonchik2013

in practice, both bypassing captcha and delays do not work much,
you could look for
a topic here more for a specific task - Amazon people are trying to parse), at the same time ask - did it finally work out for him?

Report
D
Dmitry Plotnikov, 2019-11-20
@dimap101

I tried a lot of things, settled on autoloading the form via ajax (you can do it on click) + filling time control (if the form is sent in less than 10 seconds - do not accept).
It is clear that it will not save you from writing a bot for you, but for now it normally helps from ordinary bots.

Similar questions
O
Oleg Aksenov2017-07-03 17:07:41
How do I protect screen data from being captured by the camera? 5Reply
G
Guest2021-05-21 18:36:11
Why does the program require a reboot after installation? 1Reply
V
VanKrock2015-07-28 20:54:42
How to store user tokens? 2Reply
S
soldier22222019-12-04 18:15:20
DOS attack through GoldenEye and xerxes in Kali, PC freezes, why? 2Reply
A
Andrew P.2015-08-05 22:23:15
Is it possible to completely hide a visit in the VK activity history (and not change the ip address)? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question