I have no clue which programming language would be used for this, so I am wondering if someone can help me. My entire website is run in PHP and I have a problem with people using "scripts" to do things on it automatic. Another website I know can stop them and discover who's doing it, but won't tell me how they do it. Basicly these scripts would keep doing things on my website over and over and it is overloading the database. My website keeps shutting down. My queries only run at 1.43 out of a max 10.00 so it's no problem in the pages. Any help?

You probably need to be a little more specific about what is happening. Is this just a web page the displays information from the database and all you need to do is visit the page or is it a form that submits search data and the form processing code queries the database?

Short answer - there is no one language or technique that you can use to stop someone/script from abusing your site. What you can do is put in safeguards that detect and prevent most of the forms of abuse.

The only information that your web server knows about a visitor is the IP: port (ha ha, if you put a smiley code inside of the icode tag, it is still seen as a smiley. I added the icode thinking that the combination I put on the page would not be seen as a smiley, but icode had no effect. I had to put a space to keep the ": p" from becoming a :p) that made the request to the web server and any optional information that the browser/script provides in headers.

Since most IP addresses are dynamically assigned and proxy servers can be used to make a request, it is easy to get a different IP address. So, banning IP addresses has little return for the amount of effort that goes into doing it.

I mentioned the port number above, because to the best of my knowledge, there are some port numbers that will not be used for legitimate requests made by browsers/routers but are/can be used by anonymous web proxy servers. I also believe, but don't know the specifics, that there are specific port ranges used by "advertising" web proxy servers (those that want you to know they are proxy servers.) The current method that I have seen for anonymous proxy detection is to look at the port number of the request and ignore requests from certain port numbers/ranges of port numbers. For example (someone correct me if I am wrong) but no legitimate request will be made from the remote port 80. Beyond this, I don't know which if any port numbers are "proxy" only. Also, there are legitimate reasons for a request to come through a proxy server, such as for a large corporation, but in these cases the proxy "advertises" that it is a proxy and includes an HTTP_X_FORWARDED_FOR header (anonymous web proxies can include a fake HTTP_X_FORWARDED_FOR header, so receiving one is no guarantee of anything.)

All the rest of the information that comes from a browser/script can be faked and cannot be relied upon. This includes cookies, http_referer, user agent... A script can be made to look exactly like it is a browser visiting your site. Unless you can identify and detect a specific piece of missing or incorrect information that any script is sending, you won't be able to stop a script.

If the information on your site is available only to logged in members, then by using email verified registration, you can at least know who is accessing information and can disable accounts for anyone abusing your site. This will stop purely automated scripts, and will slow someone down that would keep registering on your site using new email addresses.

If this problem is coming through a form/form processing code, you can add a number of things to your code (sessions, human question/answer, captcha, an empty hidden form field that must remain empty, hidden form field with a unique id in it that must be present...) to help insure that it is your form page that submitted to your form processing code, but again, if someone goes to enough effort, they will be able to bypass some/all of these.

If your only symptom is just database over utilization, it is possible that your queries are not being done efficiently times a growing number of page visits. If the queries themselves are being done as efficiently as possible, this might just indicate that your site has grown to the point that you need your own database server.

What symptoms, errors... or other information are you getting when your site shuts down?

If the abuse your site is receiving is from a small range of IP address that all belong to one ISP, make a record of the IP address, dates, and type of abuse, and report it to the ISP. If this is one person (perhaps the person in your other thread where they kept signing up and sending internal email) they will cancel his account.

ISP's have a record of IP address, times, and customers. If they can match up his changing his IP address and times with the abuse of your site, they will take action against him if they are a reputable ISP.

If he is going through web proxies, you probably won't be able to stop him this way though.

I get up to 15 people logged in at one time. I don't think that it would normally lag for that small amount of people. Are virtual servers any good? Or should I buy a dedicated one?

15 concurrent visitors is almost nothing. If that few visitors are causing server resource problems, your code needs to be looked at for problems.

Either that or your server/host isn't very good.

Solve one problem at a time. Your first post says your web site shuts down. Your second post states with 15 users there is problem with lag. What are the actual symptoms?

To solve any problem, you need to identify what is actually causing the symptoms and correct the underlying problem causing each symptom. Throwing resources at a problem rarely fixes anything and just wastes time and money.

Based on what little I have read of your other posts, my guess is you have some on line game and the members are cheating to earn some reward by having an automated script repeatedly submit some data/play their turn?

The quickest way to get specific help, instead of just general guesses, in a forum is to provide a detailed description of what you are doing and what is actually occurring.

I am a beginner at PHP so I really can't give much information, because I don't know. Last time I said I had a game, everyone refused to help me, and didn't think it belonged on these forums. It's not actually a straight game, it's more of a community of friends, most people login to chat and hangout and rarely play the game.

This is my current database info.

Server Load Averages 3.07, 1.84, 1.83
Server Load Limit 10.00
Server Uptime 2 days, 17:25

When I first started the website April 25th 2007, it didn't crash for roughly 60 days. Now it does it weekly. I triple check every script I write and test it as much as possible before releasing it. I block it off to administrator only while I am working on it, so people can't get in there and possibility mess anything up.

About the lag, it will lag for a couple hours and then shut down for about an hour to cool down.