[FX.php List] Security Concerns with FileMaker Website

Gjermund Gusland Thorsen ggt667 at gmail.com
Wed Jan 24 08:28:45 MST 2007


I assume you do something like this:

<?
session_start();
include_once( $_SERVER['DOCUMENT_ROOT'] . "/projectkey.php" );
if( $key1 != $key2 ) {
        header( "Location: /index.php?status=log_on" );
        exit;
}

ggt667

On 1/24/07, Jonathan Schwartz <jonathan at eschwartz.com> wrote:
>
>
> I have also noticed the bots because I am logging every arrival to my fx.php
> pages for development and customer support resaons.
>
>
> In my solutions, I am using sessions. Without a current session, the page
> never gets past the session check on line 3.  The "user" is redirected to
> the start page to either log in or to start the process (whatever it is).
>
>
> So, the bot might hit the page, but never sees data.
>
>
> Works for me, but YMMV.
>
>
> Hope that helps.
>
>
> Jonathan
>
>
>
>
>
>
>
> Hello everyone,
> In the past hour, I've done some analysis of various logs and emails, and
> I've come to a chilling realization that I've never had before about bots
> harvesting information from websites -- I knew it happened, but I never knew
> the scope of the problem until tonight -- and this is a low traffic website!
>
>
> So, I have a website which contains a public listing of email addresses and
> websites from a FileMaker database.  I want to stop unknown bots from
> crawling the site.  All of the data comes out of FileMaker, nicely formatted
> as links for the end user's clicking convenience.  I have a solution to fix
> email addresses from being harvested, but I was wondering if anyone knows of
> a way to prevent website addresses from being harvested, but still clickable
> as a hyperlink.
>
>
> I thought maybe a PHP redirect link, like redirect.php?id=16 where redirect
> puts a user at the website listed in record 16, but once the PHP is all said
> and done, we're still at the linked website, so that doesn't really prevent
> anything from being harvested.
>
>
> Is there a way to maybe detect is a link was actually clicked by a person,
> and not just passed through by an automated bot?  PHP is preferable for such
> a solution -- JavaScript is too easy to turn off.  Or, is there a way to
> specify that only bots from places like Google, Live, and Yahoo are allowed
> to crawl the site?
>
>
> Hopefully my predicament is clear.  I need to solve this ASAP...
>
>
> --Ed
> ---------------------
> http://www.edwardford.net
>
>
>
>
>
>  _______________________________________________
>  FX.php_List mailing list
>  FX.php_List at mail.iviking.org
>  http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
>
>  --
>
>
>
> Jonathan Schwartz
> FileMaker 8 Certified  Developer
> Associate Member, FileMaker Solutions Alliance
> Schwartz & Company
> jonathan at eschwartz.com
> http://www.eschwartz.com
> http://www.exit445.com
> 415-381-1852
>
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
>


More information about the FX.php_List mailing list