What should I do to prevent users from running scanners or auto-posting robots against my site that would slow down the site processing?

Is it sufficient to timestamp each post a user makes and create a posting delay? How long of an interval should there be?

What else can I do besides the above and CAPTCHAs on form posts?

Thanks

+1  A: 

A time interval is a good idea and is used on Stack Overflow. Different operations should have different time limits depending on:

  1. How often ordinary users are likely to want to use that feature.
  2. How intensive the operation is.

If you have an operation that requires a lot of processing time, you might want to set the limit on that operation higher than for a relatively simple operation.

Stack Overflow combines time limits with CAPTCHAs for editing posts. If you edit too frequently you have to pass a CAPTCHA test.

Mark Byers
OK, what about a simple JS AJAX post (one variable)? If I had several of these, is it worth putting in an interval, or is there not much to slow down there?
zsharp
For very simple operations, i.e. when the processing time for checking the rate limits exceeds or is comparable to the time taken for actually performing the operation then there isn't much point in adding the check - just perform the operation.
Mark Byers
What about a search box that queries SQL Server? Should there be a delay for that, assuming bots attack?
zsharp
@zsharp: If bots attack you are probably in trouble anyway. Banning their IP address at the router level before it hits your server is probably the best you can do. But certainly if your search query is quite resource intensive then putting a slight delay between requests can buy you some extra time. You can also slowly increase the time required between requests if the user still doesn't slow down.
Mark Byers
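
The per-operation interval with a growing delay discussed in this answer and its comments, as an added example that is not part of the original posts. The operation names, interval values, doubling factor and cap are assumptions, and `PostingThrottle` is a hypothetical name; state is kept in process memory for illustration.

```python
import time

# Assumed values for illustration: operation names, intervals (seconds),
# the doubling factor and the cap are not from the thread.
BASE_INTERVALS = {"post": 30.0, "search": 2.0}  # costlier operation, longer wait
BACKOFF_FACTOR = 2.0
MAX_INTERVAL = 300.0


class PostingThrottle:
    """Minimum interval per (user, operation) that grows while requests keep arriving too early."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        # (user, op) -> (time of last accepted request, interval now required).
        # In-memory only; a real site would use a shared store and expire old keys.
        self._state = {}

    def check(self, user, op):
        """Return (allowed, retry_after_seconds) for one request."""
        base = BASE_INTERVALS.get(op)
        if base is None:
            return True, 0.0  # cheap operation: checking would cost as much as the work
        now = self._clock()
        key = (user, op)
        if key not in self._state:
            self._state[key] = (now, base)
            return True, 0.0
        last, interval = self._state[key]
        elapsed = now - last
        if elapsed >= interval:
            self._state[key] = (now, base)  # waited long enough: accept, reset to base
            return True, 0.0
        # Too early: reject and lengthen the wait, measured from the last accepted request.
        interval = min(interval * BACKOFF_FACTOR, MAX_INTERVAL)
        self._state[key] = (last, interval)
        return False, interval - elapsed


if __name__ == "__main__":
    throttle = PostingThrottle()
    for attempt in range(3):  # three back-to-back searches from one client
        print(attempt, throttle.check("203.0.113.7", "search"))
```

A rejected request can be answered with HTTP 429 and a `Retry-After` header carrying the second return value.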
+1  A: 

I googled this a year ago or so and found a list of known "bad useragents", which I added to my .htaccess to block those from accessing my blog. This small change had a significant impact on my bandwidth usage.

futtta