Website Question - New Site

John Davies
I am looking to launch a site at the end of the year that has been in production for the past year. During a SWOT analysis and competitor testing I found bots by the plenty, even sending site mail, web and mobile.

Now that I am looking into the security of the site and users and implementing measures to counteract rogue account creation, I was wondering whether anyone had a fundamental list of ideas to add. I have looked at text messaging to confirm, CAPTCHA etc., just wondering whether anyone had a link to an abundance of ideas or is able to provide them.

I am looking for the following really

  • BOT prevention (bad bots)
  • Fake accounts creation
  • In Site Mail security
  • SQL injections
  • Site security

Thanks for reading and help

John
Developer & EE Moderator
Fellow 2018
Most Valuable Expert 2013
Commented:
BOT prevention (bad bots)
Are there good bots for submitting forms? If so, you may want to build an API. Otherwise, use a captcha service https://www.google.com/recaptcha/intro/invisible.html

Fake accounts creation
Bump up data against a 3rd party API like Melissa Data to verify name and/or address http://www.melissadata.com/lookups/ There are going to be many data companies that do the same thing.

SQL injections
This should be standard practice for any time you accept data. It will depend on your language and database as to how you do this. Parameter queries are a start. Sanitizing data. Converting special characters.

In Site Mail security
If you mean some type of messaging system that goes through your own db, then the standard SQL injection and data sanitation practices are what you need, as well as making sure somebody is "logged in".

Site security
This is too broad to comment on without more details about your site.  Most of what I already said should apply in addition to running all pages over https.
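
An added example, not part of the original answer: an in-site message store in Python with sqlite3, showing string-built SQL beside parameter queries, with the sender taken from the login session. The table layout, function names, the `session` dict and the length limit are assumptions made for illustration.

```python
import sqlite3
MAX_BODY = 2000  # assumed per-message length limit

def make_db():
    """In-memory stand-in for the site's database (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
        CREATE TABLE messages (id INTEGER PRIMARY KEY, sender_id INTEGER NOT NULL,
                               recipient_id INTEGER NOT NULL, body TEXT NOT NULL);
        INSERT INTO users (name) VALUES ('alice'), ('bob');
    """)
    return db

def send_message_unsafe(db, sender_id, recipient_name, body):
    """Anti-pattern: input is pasted into the SQL text, so a quote changes the statement."""
    db.execute("INSERT INTO messages (sender_id, recipient_id, body) "
               "SELECT %d, id, '%s' FROM users WHERE name = '%s'"
               % (sender_id, body, recipient_name))

def require_login(session):
    """The sender is taken from server-side session state, never from the form."""
    user_id = session.get("user_id")
    if user_id is None:
        raise PermissionError("login required")
    return user_id

def send_message(db, session, recipient_name, body):
    """Parameterized version: values travel separately from the SQL text."""
    sender_id = require_login(session)
    if not isinstance(body, str) or not 1 <= len(body) <= MAX_BODY:
        raise ValueError("message body length out of range")
    row = db.execute("SELECT id FROM users WHERE name = ?", (recipient_name,)).fetchone()
    if row is None:
        raise LookupError("unknown recipient")
    cur = db.execute("INSERT INTO messages (sender_id, recipient_id, body) VALUES (?, ?, ?)",
                     (sender_id, row[0], body))
    db.commit()
    return cur.lastrowid

def inbox(db, session):
    """Only the logged-in user's own messages are returned."""
    uid = require_login(session)
    rows = db.execute("SELECT body FROM messages WHERE recipient_id = ? ORDER BY id", (uid,))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    send_message(db, {"user_id": 1}, "bob", "it's me, alice")  # constructed input
    print(inbox(db, {"user_id": 2}))
```

The body is stored exactly as typed; escape it for HTML when it is displayed rather than altering it on the way into the database.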
Dr. Klahn, Principal Software Engineer

Commented:
The available solutions are different for Apache, IIS, nginx and other servers.  Which one is the intended server?

Author

Commented:
Spot on, some good things to follow there, appreciate your time to answer, Scott
