POST attack on my website

Posted by benhowdle89 on Pro Webmasters See other posts from Pro Webmasters or by benhowdle89
Published on 2011-03-03T16:27:58Z Indexed on 2011/03/03 23:33 UTC
Read the original article Hit count: 374

Filed under:
|
|

Hi,

I have a site (humanisms.co.uk) which incorporates a voting system, ie. user clicks "Up" and it sends a parameter to a PHP script via AJAX, the PHP inserts vote into MYSQL db and the new "Up" vote is sent back to the page to update the vote count. This is working great but i've noticed that the number of votes for one of my questions shot up last night. I viewed my webhosts access logs and saw this line:

108.27.195.232 - - [03/Mar/2011:15:20:18 +0000] "POST /vote.php HTTP/1.1" 200 2 "http://www.humanisms.co.uk/" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.114 Safari/534.16"

This is repeated well over 100 times and sometimes more than once a second. Now i know they probably arent sitting there clicking Vote but running some sort of PHP loop?

I'm not worried about SQL injection but what can i do to prevent this same IP address from doing this or what can i do in general to avoid this scenario.

I should also say that there's no login so anyone can click using the voting system.

Thanks

© Pro Webmasters or respective owner

Related posts about ip-address

Related posts about post