how to stop web bots from stealing your data and band width?

[wvdba]

Hi.
i have successfully installed a captcha routine to our web page to prevent bots from accessing data vs. people. however i have come across a site that attacks our website with a bot/program, grabs the html/asp code and sends the captcha interface to a turing farm for unlocking. the site, provides the captcha answer within 3-5 seconds and returns the answer to his program. then he executes the rest of the program on the page and gets what he wants. i looked at a turing farm site. they charge $0.0019 per captcha answer. i like to find a routine to distinguish between this bot and a human, which is not being able to do. like hovering the mouse over the answer field, clicking the submit button, or something. any ideas how this can be done? i.e. to differentiate between a human and a bot?
thanks.

 

[guitarzan]

yes, we do own the right to the pictures. i'm not sure about the illegal part,

I do not know anything for certain regarding the legal issues, but it would seem to me that if the pictures are copyrighted, then ANY use of them on another site is illegal, and you should be able to go after his ISP to shut him down, if not sue him directly. Maybe put some sort of watermark on the photos with copyright information, and that distribution is prohibited, etc.

 

[MakeItSo]

If you made these pictures, they're automatically copyrighted and any use of them elsewhere by someone else is copyright infringement unless you explicitely granted that use.

Artwork copyright works that way.

You don't need to explicitely prohibit use (although it is not a bad idea to do this). It is forbidden unless explicitely granted.


[navy]"We had to turn off that service to comply with the CDA Bill."[/navy]
- The Bastard Operator From Hell

 

[wvdba]

i appreciate everybody's ideas, inputs and suggestions on this subject. after thinking about this for a while, i think the best way is to block his ip address(es). he may have a bunch of them, but we'll move to block them all.
thanks so much.

 

[wvdba]

ok, i think finally we did something that's helping. here's what i did:
1) kept a log of all the ip addresses that hit our page using

ip_addr = Request.ServerVariables("REMOTE_ADDR")

2) i let this log file fill up for about an hour with ip address and time of hit while he downloaded his info from our site
i anylyzed the data and found out that one particular IP was making 30-40 hits to our site's page. the time coincided with the time i was watching him download the info.
i banned his ip address from the site.
end of the story.
he may change his ip and go with another isp, but i will do the same until he runs out of ip's

 

[JimHilton]

I had a similar problem, A fast, ground, cheap fix is to attach a session("pagecount") = session("pagecount") + 1 on your pages. Set the amount of clicks based on time EG 20 page views in 60 seconds. if they exceed that then send them off to someplace else - I have a liking for disneyland.com

 

[wvdba]

PostJimHilton,
thanks for the suggestion. that's really creative. how would i figure out that 60 seconds have passed? i have to establish a start_time and stop time. the pagecount part works ok, but, i'm trying to find a way to find the 60-second part.
thanks.