Search Results

Search found 371 results on 15 pages for 'fraud prevention'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 6/15 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >

  • Spam proof hit counter in Django

    - by Jim Robert
    I already looked at the most popular Django hit counter solutions and none of them seem to solve the issue of spamming the refresh button. Do I really have to log the IP of every visitor to keep them from artificially boosting page view counts by spamming the refresh button (or writing a quick and dirty script to do it for them)? More information So right now you can inflate your view count with the following few lines of Python code. Which is so little that you don't even really need to write a script, you could just type it into an interactive session: from urllib import urlopen num_of_times_to_hit_page = 100 url_of_the_page = "http://example.com" for x in range(num_of_times_to_hit_page): urlopen(url_of_the_page) Solution I'll probably use To me, it's a pretty rough situation when you need to do a bunch of writes to the database on EVERY page view, but I guess it can't be helped. I'm going to implement IP logging due to several users artificially inflating their view count. It's not that they're bad people or even bad users. See the answer about solving the problem with caching... I'm going to pursue that route first. Will update with results. For what it's worth, it seems Stack Overflow is using cookies (I can't increment my own view count, but it increased when I visited the site in another browser.) I think that the benefit is just too much, and this sort of 'cheating' is just too easy right now. Thanks for the help everyone!

    Read the article

  • jquery newbie: combine validate with hidding submit button.

    - by Jeffb
    I'm new a jQuery. I have gotten validate to work with my form (MVC 1.0 / C#) with this: <script type="text/javascript"> if (document.forms.length > 0) { document.forms[0].id = "PageForm"; document.forms[0].name = "PageForm"; } $(document).ready(function() { $("#PageForm").validate({ rules: { SigP: { required: true } }, messages: { SigP: "<font color='red'><b>A Sig Value is required. </b></font>" } }); }); </script> I also want to hide the Submit button to prevent twitchy mouse syndrome from causing duplicate entry before the controller completes and redirects (I'm using an GPR pattern). The following works for this purpose: <script type="text/javascript"> // // prevent double-click on submit // jQuery('input[type=submit]').click(function() { if (jQuery.data(this, 'clicked')) { return false; } else { jQuery.data(this, 'clicked', true); return true; } }); </script> However, I can't get the two to work together. Specifically, if validate fails after the Submit button is clicked (which happens given how the form works), then I can't get the form submitted again unless I do a browser refresh that resets the 'clicked' property. How can I rewrite the second method above to not set the clicked property unless the form validates? Thx.

    Read the article

  • Anyone know of a good open source spam checker in java or c#?

    - by Spines
    I'm creating a site where users can write articles and comment on the articles. I want to automatically check to see if a new article or comment is spam. What are good libraries for doing this? I looked at bayesian classifier libraries, but it seems that I would have to gather a large amount of samples and classify them all as spam or not spam myself... I'm looking for something that can hopefully just tell me right out of the box.

    Read the article

  • Reducing piracy of iPhone applications

    - by Alex Reynolds
    What are accepted methods to reduce iPhone application piracy, which do not violate Apple's evaluation process? If my application "phones home" to provide the unique device ID on which it runs, what other information would I need to collect (e.g., the Apple ID used to purchase the application) to create a valid registration token that authorizes use of the application? Likewise, what code would I use to access that extra data? What seem to be the best available technical approaches to this problem, at the present time? (Please refrain from non-programming answers about how piracy is inevitable, etc.)

    Read the article

  • Avoid running of software after copying to next machine?

    - by KoolKabin
    Hi guys, I have developed a small software. I want to provide and run it commercially only. I want it to be run in the machines who have purchased it from me. If someone copies it from my clients computer and runs it in next computer, I would like to stop functioning/running the software. What can be the ways to prevent the piracy of my software?

    Read the article

  • How do I stop image spam from being uploaded to my (future) site?

    - by Pete Lacey
    I have in mind an idea for a generally accessible site that needs to allow images to be uploaded. But I'm stymied on how to prevent image spam: porn, ads in image form, etc. Assumptions: I'm assuming that the spammers are clever, even human. I'm skeptical of the efficacy of image analysis software. I do not have the resources to approve all uploads manually. I am willing to spend money on the solution -- within reason. This site will be location-aware, if that helps. How does Flickr do it or imgur? Or do they?

    Read the article

  • spam and dirty words comment post filtering in python (django)

    - by sintaloo
    Hi All, My basic question is how to filter spam and dirty words in a comment post system under python (django). I have a collection of phrases (approximately 3000 phrases) to be filtered. Question (1), are there any existing open source python (or django) package/module/plugin which can handle this job? I knew there was one called Akismet. But from what I understood, it will not solve my problem. Akismet is just a web service and filter the words dictionary defined by Akismet. But I have my own collection of words. Please correct me if I am wrong. Question (2), If there is no such open source package I can use, how to create my own one? The only thing I can think of it's to use regular expression and join all the word phrases with 'or' in a regular expression. but I have 3000 phrases, I think it won't work in term of performance and filter every comment post. any suggestions where should I start from? Thank you very much for your help and time.

    Read the article

  • Query DNSBL or other block lists using PHP

    - by 55skidoo
    Is there any way to use PHP code to query a DNSBL (block list) provider and find out if the IP address submitted is a bad actor? I would like to take an existing IP address out of a registration database, then check whether it's a known block-listed IP address by performing a lookup on it, then if it's a blacklisted, do an action on it (such as, delete entry from registration database). Most of the instructions I have seen assume you are trying to query the blocklist via a mail server, which I can't do. I tried querying via web browser by typing in queries such as "58.64.xx.xxx.dnsbl.sorbs.net" but that didn't work.

    Read the article

  • Why doesn't my form post when I disable the submit button to prevent double clicking?

    - by John MacIntyre
    Like every other web developer on the planet, I have an issue with users double clicking the submit button on my forms. My understanding is that the conventional way to handle this issue, is to disable the button immediately after the first click, however when I do this, it doesn't post. I did do some research on this, god knows there's enough information, but other questions like Disable button on form submission, disabling the button appears to work. The original poster of Disable button after submit appears to have had the same problem as me, but there is no mention on how/if he resolved it. Here's some code on how to repeat it (tested in IE8 Beta2, but had same problem in IE7) My aspx code <%@ Page Language="C#" CodeFile="Default.aspx.cs" Inherits="_Default" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <script language="javascript" type="text/javascript"> function btn_onClick() { var chk = document.getElementById("chk"); if(chk.checked) { var btn = document.getElementById("btn"); btn.disabled = true; } } </script> <body> <form id="form1" runat="server"> <asp:Literal ID="lit" Text="--:--:--" runat="server" /> <br /> <asp:Button ID="btn" Text="Submit" runat="server" /> <br /> <input type="checkbox" id="chk" />Disable button on first click </form> </body> </html> My cs code using System; public partial class _Default : System.Web.UI.Page { protected override void OnInit(EventArgs e) { base.OnInit(e); btn.Click += new EventHandler(btn_Click); btn.OnClientClick = "btn_onClick();"; } void btn_Click(object sender, EventArgs e) { lit.Text = DateTime.Now.ToString("HH:mm:ss"); } } Notice that when you click the button, a postback occurs, and the time is updated. But when you check the check box, the next time you click the button, the button is disabled (as expected), but never does the postback. WHAT THE HECK AM I MISSING HERE??? Thanks in advance.

    Read the article

  • Prevent Rails link_to_remote multiple submits w Javascript

    - by Chris
    In a Rails project I need to keep a link_to_remote from getting double-clicked. It looks like :before and :after are my only choices - they get prepended/appended to the onclick Ajax call, respectively. But if I try something like: :before => "self.stopObserving()" t,he Ajax is never run. If I try it for :after the Ajax is run but the link never stops observing. The solutions I've seen rely on creating a variable and blocking the whole form, but there are multiple link_to_remote rows on this page and it is valid to click more than one of them at a time - just not the same one twice. One variable per row declared outside of link_to_remote seems very kludgey... Instead of using Prototype I originally tried plain Javascript first for this proof of concept - but it fails too: <a href="#" onclick="self.onclick = function(){alert('foo');};"click</a just puts up an alert when clicked - the lambda here does nothing? This next one is more like the desired goal and should only alert the first time. But instead it alerts every time: <a href="#" onclick="alert('bar'); self.onclick = function(){return false;};"click</a All ideas appreciated!

    Read the article

  • Preventing spam bots on site?

    - by Mike
    We're having an issue on one of our fairly large websites with spam bots. It appears the bots are creating user accounts and then posting journal entries which lead to various spam links. It appears they are bypassing our captcha somehow -- either it's been cracked or they're using another method to create accounts. We're looking to do email activation for the accounts, but we're about a week away from implementing such changes (due to busy schedules). However, I don't feel like this will be enough if they're using an SQL exploit somewhere on the site and doing the whole cross site scripting thing. So my question to you: If they are using some kind of XSS exploit, how can I find it? I'm securing statements where I can but, again, its a fairly large site and it'd take me awhile to actively clean up SQL statements to prevent XSS. Can you recommend anything to help our situation?

    Read the article

  • What am I missing in this ASP.NET XSS Security Helper class?

    - by smartcaveman
    I need a generic method for preventing XSS attacks in ASP.NET. The approach I came up with is a ValidateRequest method that evaluates the HttpRequest for any potential issues, and if issues are found, redirect the user to the same page, but in a away that is not threatening to the application. (Source code below) While I know this method will prevent most XSS attacks, I am not certain that I am adequately preventing all possible attacks while also minimizing false positives. So, what is the most effective way to adequately prevent all possible attacks, while minimizing false positives? Are there changes I should make to the helper class below, or is there an alternative approach or third party library that offers something more convincing? public static class XssSecurity { public const string PotentialXssAttackExpression = "(http(s)*(%3a|:))|(ftp(s)*(%3a|:))|(javascript)|(alert)|(((\\%3C) <)[^\n]+((\\%3E) >))"; private static readonly Regex PotentialXssAttackRegex = new Regex(PotentialXssAttackExpression, RegexOptions.IgnoreCase); public static bool IsPotentialXssAttack(this HttpRequest request) { if(request != null) { string query = request.QueryString.ToString(); if(!string.IsNullOrEmpty(query) && PotentialXssAttackRegex.IsMatch(query)) return true; if(request.HttpMethod.Equals("post", StringComparison.InvariantCultureIgnoreCase)) { string form = request.Form.ToString(); if (!string.IsNullOrEmpty(form) && PotentialXssAttackRegex.IsMatch(form)) return true; } if(request.Cookies.Count > 0) { foreach(HttpCookie cookie in request.Cookies) { if(PotentialXssAttackRegex.IsMatch(cookie.Value)) { return true; } } } } return false; } public static void ValidateRequest(this HttpContext context, string redirectToPath = null) { if(context == null || !context.Request.IsPotentialXssAttack()) return; // expire all cookies foreach(HttpCookie cookie in context.Request.Cookies) { cookie.Expires = DateTime.Now.Subtract(TimeSpan.FromDays(1)); context.Response.Cookies.Set(cookie); } // redirect to safe path bool redirected = false; if(redirectToPath != null) { try { context.Response.Redirect(redirectToPath,true); redirected = true; } catch { redirected = false; } } if (redirected) return; string safeUrl = context.Request.Url.AbsolutePath.Replace(context.Request.Url.Query, string.Empty); context.Response.Redirect(safeUrl,true); } }

    Read the article

  • Spotting similarities and patterns within a string - Python

    - by RadiantHex
    Hi folks, this is the use case I'm trying to figure this out for. I have a list of spam subscriptions to a service and they are killing conversion rate and other usability studies. The emails inserted look like the following: [email protected] [email protected] [email protected] roger[...]_surname[...]@hotmail.com What would be your suggestions on spotting these entries by using an automated script? It feels a little more complicated than it actually looks. Help would be very much appreciated!

    Read the article

  • Do I need to sanitize the callback parameter from a JSONP call?

    - by christian studer
    I would like to offer a webservice via JSONP and was wondering, if I need to sanitize the value from the callback parameter. My current server side script looks like this currently (More or less. Code is in PHP, but could be anything really.): header("Content-type: application/javascript"); echo $_GET['callback'] . '(' . json_encode($data) . ')'; This is a classic XSS-vulnerability. If I need to sanitize it, then how? I was unable to find enough information about what might be allowed callback strings.

    Read the article

  • Disabling javascript in specific block/div (containing suspect HTML) ?

    - by T4NK3R
    Is it, in any way, possible to disable the browsers execution of script inside a block/section/element ? My scenario is, that I'm letting my (future) users create "rich content" (using CK-editor). Content that wil later be shown to other users - with all the dangers that imply: xss, redirection, identity theft, spam and what not... I've, more or less, given up on trying to "sanitize" the incomming XHTML, after seeing how many known "vectors of attack" there are: http://ha.ckers.org/xss.html What I'm really looking for is something like: < div id="userContent"< scriptOFF suspect HTML < /scriptOFF< /div

    Read the article

  • Calculating probability that a string has been randomized? - Python

    - by RadiantHex
    Hi folks, this is correlated to a question I asked earlier (question) I have a list of manually created strings such as: lucy87 gordan_king fancy_unicorn77 joplucky_kanga90 base_belong_to_narwhals and a list of randomized strings: johnkdf pancake90kgjd fancy_jagookfk manhattanljg What gives away that the last set of strings are randomized is that sequences such as 'kjg', 'jgf', 'lkd', ... . Any clever way I could separate strings that contain these apparently randomized strings from the crowd? I guess that this plays a lot on the fact that certain characters are more likely to be placed next to others (e.g. 'co', 'ka', 'ja', ...). Any ideas on this one? Kylotan mentioned Reverend, but I am not sure if it can be used fr such purpose. Help would be much appreciated!

    Read the article

  • Malicious crawler blocker for ASP.NET

    - by Marek
    I have just stumbled upon Bad Behavior - a plugin for PHP that promises to detect spam and malicious crawlers by preventing them from accessing the site at all. Does something similar exist for ASP.NET/ASP.NET MVC? I am interested in blocking access to the site altogether, not in detecting spam after it was posted.

    Read the article

  • Attack from anonymous proxy

    - by mmgn
    We got attacked by some very-bored teenagers registering in our forums and posting very explicit material using anonymous proxy websites, like http://proxify.com/ Is there a way to check the registration IP against a black list database? Has anyone experienced this and had success?

    Read the article

  • Microsoft AntiXSS in Medium Trust :Error

    - by aramugam
    I want to include Microsoft AntiXss V1.5 library on my live site running in a medium trust setting.However, I got an error something like: Required permissions cannot be acquired. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Security.Policy.PolicyException: Required permissions cannot be acquired. I tried this in full trust setting on my development machine and everything works good.Looks like this will run only in full trust configuration......Does anybody knows a solution or workaround for this?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >