d2jsp
Log InRegister
d2jsp Forums > Off-Topic > Computers & IT > Programming & Development > How To Do I Prevent Spam Registration Bots? > +some Other Security Questions
Add Reply New Topic New Poll
Member
Posts: 8,724
Joined: Oct 20 2007
Gold: 2,794.65
Jul 31 2012 03:51am
How can I prevent fake registration bots without using some annoying capture? Is there a way?

Also to help prevent against fake http requests / form spoofs is this an acceptable method?

my genToken method in my user class
Code
public function genToken(){
 $token = md5(uniqid(mt_rand()), false);
 $_SESSION["token"] = $token;
 return $token;
}


Login.php (basics)
Code
<?php
if(isset($_SESSION["token"])){
 $token = $_SESSION["token"];
}else{
 $token = $user->genToken();
}
?>

<form method="post" action="include/site/login.php">
<input type="hidden" id="token" name="token" value="<?php echo($token); ?>" autocomplete="off">
</form>


Then when the form submits I check for this token value and compare it with current session token and do what's needed.
(this might be absolutely retarded that's why I'm asking for advice so don't come with some elitist circle jerk attitude please)

Thanks for reading!

##################

Another quick question about session hijacking. This is my user class construct method. Is this okay to do?

Code
function __construct(){  
 /* Session hijack protect*/
 if(!isset($_SESSION['last_ip'])) {
  $_SESSION['last_ip'] = $_SERVER['REMOTE_ADDR'];
 }
 if($_SESSION['last_ip'] !== $_SERVER['REMOTE_ADDR']) {
  /* Clear the SESSION */
  $_SESSION = array();
  /* Destroy the SESSION */
  session_unset();
  session_destroy();
 }
}


e/ just read title fml ..

This post was edited by Atonement on Jul 31 2012 03:55am
Member
Posts: 6,522
Joined: Jun 5 2008
Gold: 0.00
Jul 31 2012 07:11am
You could always have a static image like a cat or something and have users answer what it is, and have something checking for multiple registrations per ip.
Member
Posts: 2,736
Joined: Nov 28 2009
Gold: 34.00
Jul 31 2012 08:15am
There's nothing wrong with being innovative, but you may want to look at all existing solutions first.

http://uxmovement.com/forms/captchas-vs-spambots-why-the-checkbox-captcha-wins/
http://haacked.com/archive/2007/09/11/honeypot-captcha.aspx
http://nedbatchelder.com/text/stopbots.html

The honeypot idea seems pretty good.

btw
Member
Posts: 8,724
Joined: Oct 20 2007
Gold: 2,794.65
Jul 31 2012 11:45am
Quote (eagl3s1ght @ Jul 31 2012 02:15pm)
There's nothing wrong with being innovative, but you may want to look at all existing solutions first.

http://uxmovement.com/forms/captchas-vs-spambots-why-the-checkbox-captcha-wins/
http://haacked.com/archive/2007/09/11/honeypot-captcha.aspx
http://nedbatchelder.com/text/stopbots.html

The honeypot idea seems pretty good.

btw
http://4.imgland.net/84Jo90R.png


Thank I will give them a read.

Also you just kinda did what I set out to achieve when making it. (Waste peoples time, yes that's very childish of me but oh well it's the internet!)

/e Lol that honeypot idea is super awesome, I'll go with that one for now and see. Thanks!

This post was edited by Atonement on Jul 31 2012 11:49am
Member
Posts: 2,736
Joined: Nov 28 2009
Gold: 34.00
Jul 31 2012 03:08pm
Quote (Atonement @ 31 Jul 2012 19:45)
Thank I will give them a read.

Also you just kinda did what I set out to achieve when making it. (Waste peoples time, yes that's very childish of me but oh well it's the internet!)

/e Lol that honeypot idea is super awesome, I'll go with that one for now and see. Thanks!


Meh, it only takes 3 seconds to check the size (Right click, show image information), and an extra 15 to set up the screenshot like I did.
It may seem like I go on the super-defensive when I tell you this, but I only think it looks stupid, than it serves its purpose of wasting peoples time - when people find out that it's not 401*151.

This post was edited by eagl3s1ght on Jul 31 2012 03:08pm
Go Back To Programming & Development Topic List
Add Reply New Topic New Poll