Hello, i need a page like this for my hotel. It's in the index and check if you are a bot or not.
https://ibb.co/NtBjxN7
anti-bot page
Hello, i need a page like this for my hotel. It's in the index and check if you are a bot or not.
https://ibb.co/NtBjxN7
You can do this via code or using Cloudflares Pro package which is $20 a month
i need the php page without buying cloudflare
Cloudflare is easily to bypass.
Alot of hotels doing it by itself cuz is more hard to bypass.
Indeed! can u help me?
That explains why Cloudflare is so popular huh?Originally Posted by Vinny95
Don't go around spreading lies because you think you've heard someone mention something ungratefully false somewhere. Using Cloudflare's services to utilize a Google CAPTCHA API is no different between doing it locally on your server machine, Cloudflare would be even "safer" because they are literally pros in what they do, they've been doing it for years whilst you can't even set up a PHP file yourself to do what you want to do to "make it safer than Cloudflare". Read the link Joorren sent and figure it out yourself, no one is gonna do a request for you here, we'll help if you get stuck but we won't do it for you.
The "browser check" is what is bypassable but the captcha using CloudFlare Pro and higher is a different story, because they create these yourself using their shortcode tags that they provide you, $20 is a small amount of money to protect your site and if you do not wish to invest $20 a month I really doubt you should run a website.
I do not advise you to use this on a live environment but this might give you some basic idea of what you need to do
I know this is not a ideal way of doing it (so do not want all the hate, just a quick make shift help for this guy who has asked here and other sites
recaptchalib.php
https://pasted.pm/VxojpZq4yi
For your index.php file
https://pasted.pm/RyQWok6NER
Last edited by NOC; 10-11-19 at 02:03 PM.
Thing with cookie sessions though is that the end-user can modify their cookies to set them to anything, thus, that's why we never store confidential information on cookie sessions (for example, we don't store account ids as an "authorization" key for access). What I would do is get the user agent and remote address, combine them and store them in a temporary database table with a timeout for say, x minutes, depending on how severe your bot attacks are. From there on I would redirect users from a global page with an IF statement where as if they're requested to go through the CAPTCHA, then redirect them to page x.
All in all, this ^ is what we want to avoid, therefore, we use services such as Cloudflare, because they specialize in what they do. Alternatively, like every other web service out there, just add the CAPTCHA to the registration, that's common practice these days when some server experiences a high value of bot traffic.
To clarify, no one here is hating on anyone, don't get me/us wrong.
Yep, In a situation where I had time to do something of a higher standard, I shared a quick fix for him as a base to build on as he learns as I do not mind helping people but will not simply spoon feed people who do not want to learn or pay for a professional service.
I like to hear feedback / other peoples views on what I share but when working on something in a professional scenario I take the time setup a secure environment when important data is going to be used / stored, for most retro purposes when not willing to pay the $20 fee for cloudflare pro something simple should be fine that you can build on as your skill set improves.
That's not a lie.
If you want there is alot of services where help you to bypass the JS Challange of Cloudflare.
Im talking cuz i got bypassed with CF PRO. I tried with a GeoBlock too but is bypassable too.
Cloudflare is safer for the normal attacks, but if you have a botnet with CF Bypass or something similiar, your hotel will go offline always.
The only way to be protected atm is that shit: https://ihabbol.vg/security
I no want any request lol. If you want to know more about that, we can talk in discord ;)
You have to realize that using a PHP page won't stop the bot traffic though... right? It just won't get past that page but the connection will still be made... thus making all of this useless for the needs you claim to have. That's why we've got Cloudflare to operate on their public machines to authenticate the user agent BEFORE sending them over to your website...
Come on now.
Come on.. try to attack in Layer 7 this hotel.
Don't talk only.
Cloudflare can be easily bypassed. I can prove it without problem.
OK, so you're saying... if you put a page with a CAPTCHA, that will "stop" all the HTTP attacks on the web server?
Yeah, thanks for convincing me you're full of shit lol.
Reply With Quote