How to protect/monitor your site from crawling by malicious users


Situation:

  • Site with content protected by username/password (not all controlled since they can be trial/test users)
  • a normal search engine can't get at i
9 answers
  •  星月不相逢
    2021-02-06 19:29

    I would not recommend automatic lock-outs, not so much because they are necessarily evil, but because they provide immediate feedback to the malicious user that they tripped a sensor, and let them know not to do the same thing with the next account they sign up with.

    And user-agent blocking is probably not going to be very helpful, because obviously user-agents are very easy to fake.

    About the best you can probably do is monitoring, but then you still have to ask what you're going to do if you detect malicious behavior. As long as you have uncontrolled access, anyone you lock out can just sign up again under a different identity. I don't know what kind of info you require to get an account, but just a name and e-mail address, for instance, isn't going to be much of a hurdle for anybody.

    It's the classic DRM problem -- if anyone can see the information, then anyone can do anything else they want with it. You can make it difficult, but ultimately if someone is really determined, you can't stop them, and you risk interfering with legitimate users and hurting your business.
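
An added example, not part of the answer above: one way to do the per-account monitoring it describes, flagging accounts for later review instead of locking them out. The log format, the account names, the 5-minute window and the 30-page threshold are all assumptions made for this sketch.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def constructed_log():
    """Constructed sample lines: '<ISO timestamp> <account> <path>'."""
    base = datetime(2021, 2, 6, 19, 0, 0)
    lines = []
    # Trial account walking the content sequentially, one new page every 3 s.
    for i in range(60):
        ts = base + timedelta(seconds=3 * i)
        lines.append(f"{ts.isoformat()} trial_417 /articles/{i}")
    # Ordinary reader: 12 requests over an hour, revisiting the same 4 pages.
    for i in range(12):
        ts = base + timedelta(minutes=5 * i)
        lines.append(f"{ts.isoformat()} alice /articles/{i % 4}")
    return lines


def parse(line):
    ts, account, path = line.split()
    return datetime.fromisoformat(ts), account, path


def flag_crawlers(lines, window=timedelta(minutes=5), max_distinct=30):
    """Return {account: time the threshold was first crossed}.

    An account is flagged when it requests more than max_distinct
    different paths inside one sliding window. Nothing is blocked here:
    the result is meant for a review queue, so the account gets no
    immediate signal that it tripped a sensor.
    """
    recent = defaultdict(deque)  # account -> (timestamp, path) inside the window
    flagged = {}
    for ts, account, path in sorted(map(parse, lines)):
        q = recent[account]
        q.append((ts, path))
        while ts - q[0][0] > window:  # drop requests older than the window
            q.popleft()
        if account not in flagged and len({p for _, p in q}) > max_distinct:
            flagged[account] = ts
    return flagged


if __name__ == "__main__":
    for account, when in flag_crawlers(constructed_log()).items():
        print(f"review {account}: threshold crossed at {when.isoformat()}")
```

Counting distinct paths rather than raw requests keeps a reader who reloads the same few pages below the threshold.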
