how to handle MCAfee Secure Spam Attack (TESTER) on site?

hi guys i am running a site
but when Mcafee runs on the site for testing purpose it spams and send alters to administrator(my client) i am a php developer plz guide me how to handle it.
currently i am using a registration based on 3 steps( he doesn't like capache)
1- on step A i use to set session A='some value'
2- on step B i check if it exists or not if not then send back to 1st step
3- same with this step but set empty session after data insertion in the database.
please guide me if there is any other way?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Steve BinkCommented:
Your system only mandates that registrations follow pageA->pageB->pageC.  Granted, McAfee is hired to do this to your site, but it could just as easily be a spam-bot.  In order to prevent these kinds of false registrations, you will need to provide for some type of CAPTCHA device.

As far as just making McAfee not scan that particular page, you should be able to exempt it through your control panel at McAfee's site.  I used them when they were still ScanAlert, and they made it very easy to remove a single page from the scan pattern.  Contact McAfee for more help with this aspect.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
naeembhattiAuthor Commented:
thanks routinet for your reply, i just need to know what funciton mcafee do for it?
how he will able to post spam bot to over submit forms?
can u give me link or detail
and also my client doesn't want capache, what to do now?
Steve BinkCommented:
If your client does not want a CAPTCHA, there's not a lot he can do to secure his form submissions.  Anything you provide to the user can be automated just as easily with a bot script.  The only way to tell human from script is to give it a question only a human can understand.

As far as getting McAfee to behave, you'll have to talk to them.  I know ScanAlert had a way to exempt specific pages through their control panel.  I have no idea how that system has changed now that McAfee has rebranded them.  Talk to their support; I'm sure they will be able to tell you how to accomplish this.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.