Website Question - New Site

I am looking to launch a site at the end of the year that has been in production for the past year. During a SWOT analysis and competitor testing I found bots by the plenty, even sending site mail, web and mobile.

Now that I am looking into the security of the site and users and implementing measures to counteract rogue account creation, I was wondering whether anyone had a fundamental list of ideas to add. I have looked at text messaging to confirm, CAPTCHA etc, just wondering whether anyone had a link to an abundance of ideas or are able to provide them.

I am looking for the following really

  • BOT prevention (bad bots)
  • Fake accounts creation
  • In Site Mail security
  • SQL injections
  • Site security

Thanks for reading and help

John
Asked by John Davies

Scott Fell, EE MVE (Developer & EE Moderator) commented:
BOT prevention (bad bots)
Are there good bots for submitting forms? If so, you may want to build an API. Otherwise, use a captcha service: https://www.google.com/recaptcha/intro/invisible.html

Fake accounts creation
Bump up data against a 3rd party API like Melissa Data to verify name and/or address: http://www.melissadata.com/lookups/ There are going to be many data companies that do the same thing.

SQL injections
This should be standard practice for anytime you accept data. It will depend on your language and database as to how you do this. Parameter queries are a start. Sanitizing data. Converting special characters.

In Site Mail security
If you mean some type of messaging system that goes through your own db, then the standard SQL injection and data sanitation practices are what you need, as well as making sure somebody is "logged in".

Site security
This is too broad to comment on without more details about your site.  Most of what I already said should apply in addition to running all pages over https.
0
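The parameter-query and "logged in" advice in the answer above, as an added example that is not part of the original thread or any participant's code. Python with `sqlite3` is an assumption, since the thread names no language or database; the `messages` table, the function names and the sample rows are hypothetical.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY,"
               " sender TEXT, recipient TEXT, body TEXT)")
    # Constructed sample rows for the demonstration.
    db.executemany(
        "INSERT INTO messages (sender, recipient, body) VALUES (?, ?, ?)",
        [("alice", "bob", "lunch?"), ("carol", "dave", "private note")])
    return db

def search_inbox_unsafe(db, user, term):
    # BEFORE: input is pasted into the SQL text, so a quote character in
    # `term` ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT body FROM messages WHERE recipient = '" + user +
           "' AND body LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def _require_login(session):
    # "Making sure somebody is logged in": identity comes from the
    # server-side session, never from a form field.
    user = session.get("user")
    if not user:
        raise PermissionError("login required")
    return user

def search_inbox(db, session, term):
    # AFTER: values are bound as parameters and never become SQL syntax.
    user = _require_login(session)
    # LIKE wildcards in the search term are escaped so they match literally.
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    rows = db.execute(
        "SELECT body FROM messages WHERE recipient = ? "
        "AND body LIKE ? ESCAPE '\\'", (user, "%" + esc + "%"))
    return [row[0] for row in rows]

def send_message(db, session, recipient, body):
    # The sender column is filled from the session, so it cannot be spoofed.
    sender = _require_login(session)
    db.execute(
        "INSERT INTO messages (sender, recipient, body) VALUES (?, ?, ?)",
        (sender, recipient, body))

# Constructed hostile search term used to compare the two functions.
HOSTILE_TERM = "%' OR '%'='"
```

With the constructed hostile term, the concatenating version returns every user's mail, while the parameterized version treats the same input as a literal search string and returns nothing.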
Dr. Klahn (Principal Software Engineer) commented:
The available solutions are different for Apache, IIS, nginx and other servers.  Which one is the intended server?
0
John Davies (Author) commented:
Spot on, some good things to follow there, appreciate your time to answer Scott
1