Hi all,My website is constantly attacked by spammers and I have very few user management softwares. Can anyone advise me which measures should I take and which settings should I use? Thanks beforehand
What software are you running ? If it's WordPress, the akismet plugin is quite popular for detecting spam. There are other plugins that can add a Captcha or require a user to login however I wouldn't suggest those as some users simply won't bother. If your software is custom made, you will have to custom make your spam filtering software as well. I have written a very simple test on my blog comment form that tests to see if a user is running JavaScript. This method has it's flaws in theory but in practice it has been 100% successful.
http://www.google.com/ ? But seriously: http://codex.wordpress.org/Combating_Comment_Spam http://akismet.com/download/ http://www.ioerror.us/software/bad-behavior/ http://unknowngenius.com/blog/wordpress/spam-karma Apparently, Captchas are getting less and less effective and they still piss off your users just as much but if you want to try one out, try ReCaptcha. It has the added advantage of helping to digitise books at the same time as proving that your users are human.
actually you are a real FUNNY guy your site is about site security and how in heaven or hell do you expect even a single person on this planet to trust your site/services or SW if your very own site is insecure and hacked all the time ??? do a full nessus scan on your site - yourself! then look at the details and get it all tight also test your mail server and DNS ( see other current threads on those topics )
You haven't answered questions. What scripts are you running, which form is being used for the spam and what do you have in place currently - e.g. any CAPTCHAs?
Huh? I think you misunderstood. How about a link to the site with the problem? Preferably a specific page.
but still VERY FUNNY !!! !!! " ... My website is constantly attacked by spammers ... " why not start with full security scan ( nessus ) or so on your server IF server yours then see the warnings you get and clean up all
The site is down i need some kind of software to prevent my next site down, it was hacked not only spam Believe me this is not funny,i'll do this before its not helping
1. normally u need no SW to prevent this from happening again but you may need to investigate to find exact method of hacking - THEN u need to secure that existing SW allowing hackers to penetrate site, hence you may need to do EXACTLY as i pubslihed days ago in : http://forums.digitalpoint.com/showthread.php?t=547049 still funny !! because it happens to almost all and those who say "not to me" they simply never searched for traces left from previous hacks. how many sites are hacked these past months ? a very rough guess = millions. last night a site of a bank in ro ... so to avoid being hacked you as much as all others simply need to LEARN the SW you have installed and need to learn to fully configure your entire server securely after that only you may install monitoring tools to protect like snort nessus fail2ban etc before setting up such SW - FIRST secure every aspect of your site. from apache config to PHP config etc ALL including DISABLE password login and go strict with serverkey-login disable any kind of upload of ANY file for now do as in above other thread - take time - all time it takes you UNTIL you found 100% evidence of entry of hackers ! get all the log files then use your system tools on your hopefully Linux box to do all the forensics work
it was no serious bank - one of this modern fast/easy money banks they all the same like private sites all want to earn fast easy money no one nowadays loves to work to earn his money in a totally clean way it took me decades to learn what i do now i started high tech electronics/communication some 40yrs ago, junior IT coder some 35yrs ago, own desktop some 22yrs ago and site 10+ yrs ago and still spending every single yr 500-1000hr in learning site security etc ... and still being challenged every day or week and still having many dozens of sleepless nights to AVOID above problems and to monitor my server ( i run 2 laptops side by side almost continuously for full server remote monitoring and control and i have ONE single site on my own server under my own full control - while most younger ones love to have many sites on shared / cheapest hosting totally OUT of their own control and even worst .. many such site owners belief that for the few $ a months they pay to hosting, the host will control THEIR site and their misconfigured site-SW ... and all that for 5 or so $/m ... ALL with zero exception - of those small sites are working/living/publishing FAR beyond their own limits of full understanding !! hence all this hacker stuff is a solid lesson for all who want to make an easy living within a few months or years ... and possible spend the other few yrs behind bars for gross negligence and accommodating hackers / risking / damaging other ppls stuff, etc we ALL started SMALL and some grew slowly but safely over many years - steadily step by step as much as they grow inside they let the site grow, others however want to be big at once - want to have a fully feautured site within a few months or even weeks, without the strength/time/knowledge and sense of responsibility to first learn then do what they want to do
If all that does not help, have someone take a look at your server and coding.. www dot stealth-iss dot com might help
Depending on the size of the DDoS, you can mitigate it with a software firewall. If it's a large DDoS, you'll either need to purchase or find a host that has upstream firewall control that can help with this, or just nullroute the IP address and ride it out.