Web Analytics Made Easy -
StatCounter Prevent malicious ppl from creating account.. - CodingForum

Announcement

Collapse
No announcement yet.

Prevent malicious ppl from creating account..

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Prevent malicious ppl from creating account..

    hi,

    have you guys seen a picture with random alphanumeric strings when you register in some accounts in the web?

    I think it is generated realtime. I think when a new user goes into that page to create a new account or something, the graphic will be generated in realtime as a "key" that you will have to type into some textbox to prevent ppl from attacking the create account script...

    Can i find something like that for free??

    Do you get what i mean?
    Warm Regards,
    Jacky

  • #2
    Could it be php? The following php board has that feature.

    http://www.boozebros.ca
    Leonard Whistler

    Comment


    • #3
      http://www.devarticles.com/c/a/PHP/G...e-Fly-With-PHP
      Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html

      Comment


      • #4
        One way to prevent this is to require email activation. When the account is created do not activate it immediately. Send an email to the address given with a link for the person to click that activates the account. Then just set things up so that the accounts that don't get activated after a certain number of days have passed are deleted.
        Spookster
        CodingForum Supreme Overlord
        All Hail Spookster

        Comment


        • #5
          PHP Code:
          activated='1' // sql table something 
          To activate your account
          Last edited by fr0stx; Feb 29, 2004, 11:45 AM.
          http://e-hosti.com :: Our low cost web hosting packages... 99% Uptime... 30 Day Money Back Guarantee...

          Comment


          • #6
            how very informative fr0stx

            problem with email verifation ONLY is that bad people might clog up your mail server with fake e-mails. then you might get lots of emails from people saying thnigs like "what are you sending this to me for!" best is grfx check and e-mail
            photoshop too expensive? use the GIMP! www.gimp.org

            Comment


            • #7
              Originally posted by whackaxe
              how very informative fr0stx

              problem with email verifation ONLY is that bad people might clog up your mail server with fake e-mails. then you might get lots of emails from people saying thnigs like "what are you sending this to me for!" best is grfx check and e-mail
              The only thing that the graphics feature does is prevent automated scripts from exploiting the registration. It can't stop a person from sitting there entering it in. So even with that feature a person can clog up your mail server.

              The main point here is to prevent the creation of an account as the subject of the thread states. Spammers are usually the ones that wish to create the accounts especially if it is to a site where they can publicly post things so they can spam.

              With email verification only this would prevent that as they would need a valid email address to activate the account and that makes things much more difficult for them as well as leave a trail that can lead back to them in the case of a criminal investigation.
              Spookster
              CodingForum Supreme Overlord
              All Hail Spookster

              Comment


              • #8
                knew i'd forgotten something timelock the registration form so you can't reuse it for a couple of minutes or so. any one else got any orther measures you could add to this forteress?
                photoshop too expensive? use the GIMP! www.gimp.org

                Comment


                • #9
                  thats ok but would require sessions/cookies/IP Tracking. If you locked the form for everyone then you could lose the chance of more members.

                  Sessions - Close the browser, bye bye session. This wouldnt prevent much.

                  Cookies - Just delete the cookie or dont accept it in the first place.

                  IP Tracking - Could be dynamic IP, or could re-connect to the internet. Also though, if more than one person on a network wanted to register this could be a problem.
                  PHP Weekly - A PHP Developers Resource
                  PHP 5.1.4 and Ruby on Rails web hosting
                  Moderator of PHP and Work offers and Requests
                  Install Apache/PHP/MySQL
                  (by marek_mar) | TinyPlugin Architecture

                  Comment


                  • #10
                    Originally posted by whackaxe
                    how very informative fr0stx

                    problem with email verifation ONLY is that bad people might clog up your mail server with fake e-mails. then you might get lots of emails from people saying thnigs like "what are you sending this to me for!" best is grfx check and e-mail
                    oh sorry my mistake.. i thought it was verfiation new account
                    http://e-hosti.com :: Our low cost web hosting packages... 99% Uptime... 30 Day Money Back Guarantee...

                    Comment


                    • #11
                      no probs fr0stex. just try and read whole post.


                      @missing score: well theres always a hole in every kindof protection of this sort, but hey, why make it easy for the losers
                      photoshop too expensive? use the GIMP! www.gimp.org

                      Comment


                      • #12
                        Originally posted by whackaxe
                        @missing score: well theres always a hole in every kindof protection of this sort, but hey, why make it easy for the losers
                        True... just becuase they have disadvantages doesnt mean you shouldnt use them (i often implement one of these methods, if not more), becuase its not going to reduce security and like you said, people who have no idea what they are doing will not be able to get very far, I just think its important that people know that these methods arent going to stop someone who knows what they're doing. eg: When I began coding, I thought that the IP tracker was this amazing tool that would stop everyone dead in their tracks, but now I know different.
                        Last edited by missing-score; Mar 1, 2004, 01:00 PM.
                        PHP Weekly - A PHP Developers Resource
                        PHP 5.1.4 and Ruby on Rails web hosting
                        Moderator of PHP and Work offers and Requests
                        Install Apache/PHP/MySQL
                        (by marek_mar) | TinyPlugin Architecture

                        Comment


                        • #13
                          First of all, woah...i just would like to take this opportunity to thank all those who has replied me... THANK YOU!!

                          Len Whistler, i went to that link, it has the feature that i want to develop? Any ideas on how to do that, a link maybe?

                          Spookster, we already have the email activation system up and running...thanks for the effort though!

                          whackaxe, you got what i'm thinking...actually by implementing the dynamic image generation algorithm , our system will still be populated by the fake emails, if there are some useless ppl who has too much time, to register again and again and again...i'm interested in this dynamic thingy mechanism because other programmers can't simply create an algo just to attack my registration script (the script that is used to create the user accounts)...

                          Spookster, and again...the way you think is totally the same as me!!

                          Actually all this stuff is to prevent some programmers that were hired by another ppl to attack our sites...Myself, i don't believe that ppl will be so free enough to create and create and create a new user account...It is taking too much time...(so this is not a possiblity). The main idea is to TRY to prevent malicious codes from attacking our sites...Don ya all think so??
                          Warm Regards,
                          Jacky

                          Comment


                          • #14
                            Originally posted by jacky_cheecheo
                            Len Whistler, i went to that link, it has the feature that i want to develop? Any ideas on how to do that, a link maybe?
                            The link i posted contains every line of code you need...
                            Originally posted by jacky_cheecheo
                            The main idea is to TRY to prevent malicious codes from attacking our sites...Don ya all think so??
                            If only life would be that simple...

                            It's a necessary measure and it looks sprofessional and creates some nice illusion of safety to some users, but it wouldn't stop me and a few thousand otrhers, from bringing down your server r hacking into your app. Like others said here : you need to apply all defenses you've got against DSO attacks, brute-forcing and fake registrations.

                            But most importantly : be sensible !

                            Don't create to much fuss if there are hardly any fake registrations. Checking up on things, monitoring which accounts are actually activated and used, don't allow hotmail-adresses, require people to accept cookies, checking your loggs etc are much better defences then automatic checks ('Human interfaces' still rule! You'll never be able to beat the robots that determined and skilled people let loose on your site. I wonder, how many people would be able to write/adapt a tool to read a gif and do some pattern recognition to extract the numbers and letters from it?)

                            just my two cents.
                            Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html

                            Comment


                            • #15
                              raf, thanks for the two cents...your point of view is very much taken into consideration. Thanks again for the informations.

                              Still i'm keen on implementing that nifty thingy that i was looking for, thanks for the link though...

                              until then...
                              Warm Regards,
                              Jacky

                              Comment

                              Working...
                              X