
We are facing multiple attacks on our website. We are basically a classified goods website that helps customers connect with each other.

Bots are stealing data from our website every day by giving fake mobile numbers. We don't have a login mechanism. Users have to share their contact number to get other users' contact details.

I read this Q&A thread: Stack Overflow, prevent scraping.

An intelligent bot can easily avoid moving to files listed in robots.txt, changing cookies, changing user agents.

Even with a captcha, they can manually steal data by entering any random numbers.

We are planning to flag leads as suspicious if there are more than x leads per day. The problem here is that a bot can use services like Tor to generate unlimited IPs. How can we solve this, i.e. if they have unlimited IPs and unlimited numbers, what can be the solution to this?

All suggestions welcome except for putting OTP, as we already have that in mind.

Sahil Sharma
  • Tor only has about 900-1,000 IPs, so far from unlimited. If you require users to share their contact number to get other details, why not send an SMS to that phone to verify it? If they can't provide a real phone number, then they cannot get on. Or make people register, or limit a given IP to so many requests per hour/day/period. – drew010 Jun 27 '17 at 20:57
  • Your best bet is a CDN with anti-DDoS. So Cloudflare, Incapsula, Distil - one of those. – pguardiario Jun 27 '17 at 23:35

0 Answers
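An added example, not part of the original thread: a sliding-window counter that flags a lead request when either the submitted phone number or the source IP exceeds a daily threshold, combining the "more than x leads per day" idea from the question with the per-IP limit from the first comment. The class name, limits, phone numbers and IP addresses are assumptions constructed for illustration; it does not cover a client that rotates both number and IP on every request.

```python
import re
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 24 * 60 * 60   # "per day", as in the question
MAX_PER_PHONE = 5               # assumed value for the question's "x"
MAX_PER_IP = 20                 # assumed per-IP ceiling


def normalize_phone(raw):
    """Keep digits only so formatting variants map to one key."""
    return re.sub(r"\D", "", raw)


class LeadThrottle:
    """Counts lead requests per phone number and per IP in a sliding window."""

    def __init__(self, window=WINDOW_SECONDS, max_phone=MAX_PER_PHONE, max_ip=MAX_PER_IP):
        self.window = window
        self.limits = {"phone": max_phone, "ip": max_ip}
        self.events = defaultdict(deque)    # (kind, value) -> request timestamps

    def _record(self, key, now):
        q = self.events[key]
        while q and q[0] <= now - self.window:   # drop requests older than the window
            q.popleft()
        q.append(now)
        return len(q)

    def check(self, phone, ip, now=None):
        """Record one request; return the reasons it is suspicious (empty list = ok)."""
        now = time.time() if now is None else now
        reasons = []
        for kind, value in (("phone", normalize_phone(phone)), ("ip", ip)):
            if self._record((kind, value), now) > self.limits[kind]:
                reasons.append(kind + "_over_limit")
        return reasons


if __name__ == "__main__":
    # Constructed sample: one number reused from rotating documentation-range IPs.
    throttle = LeadThrottle(max_phone=2)
    for i in range(4):
        print(i, throttle.check("+1 555 0100", "203.0.113.%d" % i, now=i))
```

Keying on the number and the IP separately means rotating one of them alone does not reset the other counter. In production the counters would live in a shared store with expiry rather than in process memory.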