• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 504
  • Last Modified:

how to handle MCAfee Secure Spam Attack (TESTER) on site?

hi guys i am running a site

but when Mcafee runs on the site for testing purpose it spams and send alters to administrator(my client) i am a php developer plz guide me how to handle it.
currently i am using a registration based on 3 steps( he doesn't like capache)
1- on step A i use to set session A='some value'
2- on step B i check if it exists or not if not then send back to 1st step
3- same with this step but set empty session after data insertion in the database.
please guide me if there is any other way?
  • 2
2 Solutions
Steve BinkCommented:
Your system only mandates that registrations follow pageA->pageB->pageC.  Granted, McAfee is hired to do this to your site, but it could just as easily be a spam-bot.  In order to prevent these kinds of false registrations, you will need to provide for some type of CAPTCHA device.

As far as just making McAfee not scan that particular page, you should be able to exempt it through your control panel at McAfee's site.  I used them when they were still ScanAlert, and they made it very easy to remove a single page from the scan pattern.  Contact McAfee for more help with this aspect.
naeembhattiAuthor Commented:
thanks routinet for your reply, i just need to know what funciton mcafee do for it?
how he will able to post spam bot to over submit forms?
can u give me link or detail
and also my client doesn't want capache, what to do now?
Steve BinkCommented:
If your client does not want a CAPTCHA, there's not a lot he can do to secure his form submissions.  Anything you provide to the user can be automated just as easily with a bot script.  The only way to tell human from script is to give it a question only a human can understand.

As far as getting McAfee to behave, you'll have to talk to them.  I know ScanAlert had a way to exempt specific pages through their control panel.  I have no idea how that system has changed now that McAfee has rebranded them.  Talk to their support; I'm sure they will be able to tell you how to accomplish this.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now