On 7/23/2013 12:51 AM, Justin Scott wrote:
>> Which brings up another security question. How do other sites
>> handle something like this automatically? I mean, if I see an
>> attack from an IP address, is it even worth blocking at the firewall?

I had an interesting attack yesterday ... A bot hit a payment form on a site. It entered *legit* information in all the blanks, so it passed both client and server side validation. What it did - in a very short period of time - was submit over 750 separate credit card numbers, all for small but odd amounts, usually under $2.00. Best guess - it had a list of stolen numbers and was looking for "good" ones it could use elsewhere.

Only way I could find to stop this was to measure the amount of time between submissions - around 4 seconds each - and add a script to the form that would not allow it to be submitted if it took less than a certain amount of time to fill it out. Fastest I could do it, even with browser prefill, was around 30 seconds, so I set the timer at 20. Attack immediately stopped.

Client originally requested this form be in an "anybody can access" section of the site, which I protested. Got an idea I can get them to change their mind when I contact them about it later today.

Bots and methods used are getting more and more interesting all the time. The increasing cleverness of some of this stuff keeps me on my toes.
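The post above describes a card-testing bot and a fill-time check that stopped it. As an added example (not from the original message or the cf-talk list; written in Python rather than ColdFusion so it runs stand-alone), the block below shows the same minimum-fill-time idea enforced on the server rather than in a form script, plus a second layer the post hints at: a velocity counter on payment attempts per client. The form render time is carried in an HMAC-signed token so a bot cannot forge an older timestamp. All names, thresholds (other than the 20-second minimum and 4-second interval quoted from the post), the secret and the client identifiers are constructed for the demonstration.

```python
import base64
import binascii
import hashlib
import hmac
from collections import defaultdict, deque

# Constructed demo secret; a real deployment keeps this server-side and rotates it.
SECRET = b"constructed-demo-secret-do-not-reuse"
MIN_FILL_SECONDS = 20      # threshold the post settled on
MAX_ATTEMPTS = 5           # constructed: payment attempts allowed per client per window
WINDOW_SECONDS = 600       # constructed: sliding window for the velocity counter


def issue_form_token(now, client_id):
    """Embed the render time and client id in a signed token sent with the form."""
    payload = f"{int(now)}:{client_id}".encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + sig


def verify_form_token(token, client_id):
    """Return the render timestamp if the token is authentic and bound to this client, else None."""
    try:
        b64, sig = token.split(".")
        payload = base64.urlsafe_b64decode(b64.encode())
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    issued, tok_client = payload.decode().split(":", 1)
    if tok_client != client_id:
        return None
    return int(issued)


class PaymentGuard:
    """Server-side checks run before a card number is ever sent to the processor."""

    def __init__(self, min_fill=MIN_FILL_SECONDS, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.min_fill = min_fill
        self.max_attempts = max_attempts
        self.window = window
        self.attempts = defaultdict(deque)   # client_id -> submit timestamps in window

    def check(self, client_id, token, now):
        issued = verify_form_token(token, client_id)
        if issued is None:
            return "reject: bad token"
        # Layer 1: the fill-time rule from the post, enforced where the bot cannot skip it.
        if now - issued < self.min_fill:
            return "reject: too fast"
        # Layer 2: velocity. Hundreds of distinct cards from one client is the real signal.
        q = self.attempts[client_id]
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.max_attempts:
            return "reject: velocity"
        q.append(now)
        return "accept"


# --- Constructed replays of the behaviour described in the post ---

def check_human(client_id="198.51.100.7 (constructed)"):
    """A person renders the form, types for 45 seconds, submits once."""
    guard, t0 = PaymentGuard(), 1_000_000.0
    return guard.check(client_id, issue_form_token(t0, client_id), t0 + 45)


def simulate_bot_reloading_form(attempts=10, interval=4.0, client_id="203.0.113.9 (constructed)"):
    """Bot reloads the form before each submission, ~4 s apart as in the post."""
    guard, t, results = PaymentGuard(), 1_000_000.0, []
    for _ in range(attempts):
        token = issue_form_token(t, client_id)
        t += interval
        results.append(guard.check(client_id, token, t))
    return results


def simulate_bot_reusing_token(attempts=10, interval=4.0, client_id="203.0.113.9 (constructed)"):
    """Bot renders once, waits out the fill-time rule, then replays the token every 4 s."""
    guard, t0 = PaymentGuard(), 1_000_000.0
    token = issue_form_token(t0, client_id)
    return [guard.check(client_id, token, t0 + 30 + i * interval) for i in range(attempts)]


if __name__ == "__main__":
    print("human:", check_human())
    print("bot, reloading form:", simulate_bot_reloading_form())
    print("bot, reusing token:", simulate_bot_reusing_token())
```

The replay shows why two layers are worth having: a bot that fetches a fresh form each time trips the fill-time rule on every attempt, while one that learns to wait and reuse a token gets through the fill-time rule but is cut off by the velocity counter after a handful of cards. The client key here is a constructed IP string; in production it would usually be a combination of source address, session and account, since attackers behind shared NAT or proxies share addresses with legitimate users.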

