I hope this is the right place to post it.
I have a problem: because of phishing or a keylogger (nobody knows exactly), many accounts on a web site I manage were hijacked. Someone wrote a program (bot) that sent spam using private messages on our site. We changed the passwords in the meantime and put in some captcha forms, but now we are looking for a permanent solution to this problem.
I looked at hardware-based authentication like RSA Security, but it is not acceptable for us because it is very expensive and we have a multinational user base. I also looked at software-based solutions like Bharosa, which is most suitable for us, but they mostly target financial institutions and they are expensive.
Please share your experience with the solutions you use to prevent account hijacking and bot logins. Is there any scalable, easy-to-integrate, pay-as-you-grow authentication solution for consumer web sites? Thanks for any feedback.