?
Solved

how to handle MCAfee Secure Spam Attack (TESTER) on site?

Posted on 2008-11-09
3
Medium Priority
?
500 Views
Last Modified: 2013-12-13
hi guys i am running a site
https://www.mcafeesecure.com/RatingVerify?ref=www.abc.com

www.abc.com
but when Mcafee runs on the site for testing purpose it spams and send alters to administrator(my client) i am a php developer plz guide me how to handle it.
currently i am using a registration based on 3 steps( he doesn't like capache)
1- on step A i use to set session A='some value'
2- on step B i check if it exists or not if not then send back to 1st step
3- same with this step but set empty session after data insertion in the database.
please guide me if there is any other way?
0
Comment
Question by:naeembhatti
  • 2
3 Comments
 
LVL 51

Accepted Solution

by:
Steve Bink earned 1000 total points
ID: 22924435
Your system only mandates that registrations follow pageA->pageB->pageC.  Granted, McAfee is hired to do this to your site, but it could just as easily be a spam-bot.  In order to prevent these kinds of false registrations, you will need to provide for some type of CAPTCHA device.

As far as just making McAfee not scan that particular page, you should be able to exempt it through your control panel at McAfee's site.  I used them when they were still ScanAlert, and they made it very easy to remove a single page from the scan pattern.  Contact McAfee for more help with this aspect.
0
 

Author Comment

by:naeembhatti
ID: 22958874
thanks routinet for your reply, i just need to know what funciton mcafee do for it?
how he will able to post spam bot to over submit forms?
can u give me link or detail
and also my client doesn't want capache, what to do now?
0
 
LVL 51

Assisted Solution

by:Steve Bink
Steve Bink earned 1000 total points
ID: 22961966
If your client does not want a CAPTCHA, there's not a lot he can do to secure his form submissions.  Anything you provide to the user can be automated just as easily with a bot script.  The only way to tell human from script is to give it a question only a human can understand.

As far as getting McAfee to behave, you'll have to talk to them.  I know ScanAlert had a way to exempt specific pages through their control panel.  I have no idea how that system has changed now that McAfee has rebranded them.  Talk to their support; I'm sure they will be able to tell you how to accomplish this.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
Let's take a look into the basics of ransomware—how it spreads, how it can hurt us, and why a disaster recovery plan is important.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question