Hello, On this list yesterday: "As long as these tools are out there, it should keep all of us on our toes, and programming with security constantly on our minds."
Today i have tested, Smart HitBot (http://www.hitbot.f2s.com/). Bad stuff for stats, toplist, searchengines etc. Now i want filler out this requests. Do you have some ideas? I will start with a simple script, say: <?php include("counter.php"); if(!real_one()) $counter-=2; $counter++; $fp=fopen("counter.php","w+"); fwrite($fp, <?\n \$counter=$counter; \n?>"); fclose($fp); ?> Maybe i can do something with the interval between 2 requests, with real users this should be 'random', someting like: <? function real_one() { include("real.php"); if ($interval==0) { $interval=time()-$last; $last=time(); } else if($interval==(time()-$last)) { $interval=0; $last=time(); } else { $interval=time()-$last; $last=time(); } $fp=fopen("real.php","w+"); fwrite($fp, <?\n \$interval=$interval;\n \$last=$last; \n?>"); fclose($fp); return $interval; } ?> It's something, but not safe. one real user between two fake -> count 2 fakers. If have also looked at $HTTP_USER_AGENT: -- request1: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98) request2: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98) request3: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt) etc. -- So this will always start with "Mozilla/4.0 (" This will be the same as the header from IE6.0 installed on the same machine. It will be different from faker to faker(???) depending on the installed browser(s). Thanks for your help. Bas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]