Preventing spam bots on site?

Posted by Mike on Stack Overflow See other posts from Stack Overflow or by Mike
Published on 2010-03-12T15:09:45Z Indexed on 2010/03/12 15:17 UTC
Read the original article Hit count: 303

Filed under:
|
|
|
|

We're having an issue on one of our fairly large websites with spam bots. It appears the bots are creating user accounts and then posting journal entries which lead to various spam links.

It appears they are bypassing our captcha somehow -- either it's been cracked or they're using another method to create accounts.

We're looking to do email activation for the accounts, but we're about a week away from implementing such changes (due to busy schedules).

However, I don't feel like this will be enough if they're using an SQL exploit somewhere on the site and doing the whole cross site scripting thing. So my question to you:

If they are using some kind of XSS exploit, how can I find it? I'm securing statements where I can but, again, its a fairly large site and it'd take me awhile to actively clean up SQL statements to prevent XSS. Can you recommend anything to help our situation?

© Stack Overflow or respective owner

Related posts about php

Related posts about cross