Website security measures

4 posts • Page 1 of 1

Fri Sep 30, 2016 10:32 am

Website security measures

Periodically someone will ask me a question about why they sometimes have to fill in a CAPTCHA form to access the site or submit something like a new thread. I know it can seem mysterious, and even sometimes be cumbersome, but there is good reason for it.

A little context:

Bots are programs written by bad guys, that can run in parallel, and live on systems distributed around the globe. They can be coordinated to comb a server on the Internet looking for ways to penetrate and infect it with malicious code, all from different origin IP addresses, making them difficult to block effectively. Sometimes this can be described as a "DDOS" attack, which stands for Distributed Denial of Service. It's a technique used by bad guys to overwhelm a server, which can sometimes reveal more vulnerabilities, possibly giving them access.

Since many of our pages appear in Google results, or are linked from various social media sites, we have become a target.

I use a service that sits in front of my server that identifies the unique attacks and signature behavior of bots, but it's not always easy, so sometimes it has to present a challenge to ensure you're a real human, and if you are, that you're not doing something nasty to our site. The service is called Cloudflare.

I've only gotten that challenge a few times while posting on BCP, and I'm not sure what I did to be identified as a threat. What I do know is that our server is overwhelmed to the point of a freeze at least 5 times a month so I'm okay with an occasional slight inconvenience.

Bottom line is, anytime you've drafted something you'd rather not lose, highlight and copy it before submitting. Make it a habit, on all websites you participate in. CTRL+A (select all), CTRL+C (copy), then if you need to CTRL+V to paste the text. This little habit can prevent a lot of heartache.

Zzz offline