How to protect/monitor your site from crawling by malicious user

后端 未结 9 756

Situation:

  • Site with content protected by username/password (not all controlled since they can be trial/test users)
  • a normal search engine can\'t get at i
9条回答
  •  悲&欢浪女
    2021-02-06 19:18

    @frankodwyer:

    • Only trusted user agents won't work, consider especially IE user-agent string which gets modified by addons or .net version. There would be too many possibilities and it can be faked.
    • variation on point 3. with notification to admin would probably work, but it would mean a non-determined delay if an admin isn't monitoring the logs constantly.

    @Greg Hewgill:

    • The auto-logout would also disable the user account. At the least a new account would have to be created leaving more trails like email-address and other information.

    Randomly changing logout/disable-url for 3. would be interesting, but don't know how I would implement it yet :)

提交回复
热议问题