Anonymous registration in my System
Re: Anonymous registration in my System
No, it won't.
Re: Anonymous registration in my System
Thanks a lot
- KernelOops
- Posts: 428
- Joined: 2013/12/18 15:04:03
- Location: xfs file system
Re: Anonymous registration in my System
You clearly need to learn more about web development but just saying that won't help you right now.
What you need to do, is figure out how they are adding entries to your database. There are several ways they could be doing that and since we don't know your system we can't offer specific help.
In general, you need to check two things:
1) your database is not open to the public. So make sure the database port or whatever is not accessible from the outside.
2) your script that adds entries to the database is more secure and does not allow direct access. If your web form accesses your script directly, then robots are using that to automatically add entries by-passing your form.
--
R.I.P. CentOS
Re: Anonymous registration in my System
Thanks for opening my eyes. I can see things clearly now.
Some scripts do. Some others don't. There's a place where I added Gmail SMTP notifications once data is saved, in order to know and to notify the seller. When they reach there and try to add data, I received a notification as well, the same way I receive it when it's about a normal person. It makes me think that someone is out there, hiding himself from the analytics and saving the data anonymously.
But you enlightened me.
Thanks a lot.
For anyone else who might comment on this thread, I've got one for you: with all due respect, I don't need opinions, I need answers.
Attachment: centos_forum_4.JPG (46.55 KiB)
Last edited by mySKILLZ on 2019/10/23 07:23:04, edited 1 time in total.
- KernelOops
Re: Anonymous registration in my System
Well, people can't give you more specific help without more details. You need to post the registration form so we can run some tests and see how you access your registration script from the form.
--
R.I.P. CentOS
Re: Anonymous registration in my System
here issoko.com/register.jsp
- KernelOops
Re: Anonymous registration in my System
After a quick look at that, it seems like robots are hitting your "bx.jsp", which does your registration, I guess.
--
R.I.P. CentOS
Re: Anonymous registration in my System
Okay.
The page does the company registration, not a single individual one. It can't be, cuz it's one among the most complicated algorithms I wrote for them. And maybe yes, cuz it's written in a page, not in a class.
And at last, NO. Maybe they're hitting the registerServlet.class, cuz that's what does the single individual registration. Please look at the first attached image on this thread. They're coming as self employed status.
- KernelOops
Re: Anonymous registration in my System
All form submissions must be protected and secured from the server side. You may add some clever JavaScript to block most robots, but the server script must do most of the work.
What robots do is figure out your form layout from the HTML, then hit your action URL systematically.
In your form, it's easy to create a curl command like so:
Code:
curl --trace debug.txt 'https://issoko.com/bx.jsp?page=company_info_saving2.jsp&company_name=testcompany&company_category=testcategory&company_type=Private&product_PROVINCE=NORTH&area_code=avenue&company_phone=6969696969&company_email=fake%40company.com' -H 'User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https://issoko.com/bx.jsp?page=company_info_saving2.jsp&company_name=testcompany&company_category=testcategory&company_type=Private&product_PROVINCE=NORTH&area_code=avenue&company_phone=6969696969&company_email=fake%40company.com' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: JSESSIONID=9D500678B177CB50A8C1463F2B0B7A40.jvm1' -H 'Upgrade-Insecure-Requests: 1' -H 'Pragma: no-cache' -H 'Cache-Control: no-cache'
then move on with the next part at company_info_saving2.jsp. So on and so forth.
A good captcha should store a variable within the session, then request the user to do some action, and then check the result from the server side.
--
R.I.P. CentOS
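The server-side check described in the post above, as an added example (not code from the thread or from the site discussed): the expected answer is kept only in the session, the handler that writes to the database accepts nothing but a POST carrying the matching answer, and the challenge is consumed on first use. Assumptions: the Map stands in for HttpSession attributes, the names ChallengeGuard, issue, accept and reg.challenge are hypothetical, and the arithmetic question is a placeholder for whatever challenge is shown to the user.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Added example: Map stands in for HttpSession attributes; all names hypothetical.
public class ChallengeGuard {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String KEY = "reg.challenge";

    // Called when the form page is rendered: the expected answer is stored
    // in the session only; the client receives just the question text.
    static String issue(Map<String, Object> session) {
        int a = 1 + RNG.nextInt(9), b = 1 + RNG.nextInt(9);
        session.put(KEY, Integer.toString(a + b));
        return "What is " + a + " + " + b + "?";
    }

    // Called by the handler that writes to the database, before any insert.
    static boolean accept(String method, Map<String, Object> session, String answer) {
        // remove() consumes the challenge, so every submission needs a fresh
        // form render and a replayed request finds nothing to match.
        Object expected = session.remove(KEY);
        // Registration changes state: refuse query-string GET submissions.
        if (!"POST".equals(method)) return false;
        if (expected == null || answer == null) return false;
        return MessageDigest.isEqual(expected.toString().getBytes(StandardCharsets.UTF_8),
                answer.trim().getBytes(StandardCharsets.UTF_8));
    }
    private static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
        System.out.println("ok: " + what);
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        // Scripted request straight to the action URL, no form render first.
        check(!accept("POST", session, "7"), "no challenge in session is rejected");
        issue(session);
        check(!accept("GET", session, "7"), "GET submission is rejected");
        // Normal flow; reading the stored answer stands in for the user solving it.
        issue(session);
        String answer = (String) session.get(KEY);
        check(accept("POST", session, answer), "correct answer is accepted once");
        check(!accept("POST", session, answer), "replay of the same answer is rejected");
    }
}
```

In a multi-step form, the same accept call belongs in every step's handler, since each step's action URL can be requested on its own.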
- KernelOops
Re: Anonymous registration in my System
The page you mentioned above is different from the screenshot from your first post. So I just hit that form only. But my suggestion to protect all forms still applies.
--
R.I.P. CentOS