开发者

prevent $_POST bombing

I have a contact form that sends to my email and I recently got attacked by some sort of spam attack... I received like 76k emails overnight from the same IP address. It made me really mad. What can I do to fix this? I know I can implement captcha but I d开发者_如何学Pythonon't want that. :\

What else can I do to prevent multiple form submit?


You could try to stop this in a number of different ways:

  • CAPTCHA (you already said you didn't like it but it's possibly the easiest solution)
  • Answering some kind of question that it's easy for a person to answer but not a script
  • Making sure the user is signed in before they can submit (assuming they have to be registered)
  • Rate limit the form so that each IP address can only submit once every N period of time


You can use Akismet, which does not use validation.


To avoid captcha, you can filter IP, for example allow maximum 10 messages per day from the same IP.

Every time someone send a message store the ip and increment a counter in a database.


a captcha is a very common way to prevent such (and for a very good reason, you should think about it)

if not you could set a cookie and check whether its set, if it is, disallow sending the mail, or log the ip in a file or a database and check when the ip last sent the mail, and if the difference is small enough, disallow the mail to be sent


The single easiest thing to do is to make the form submission (or rendering) require javascript execution. It's a little antisocial for anyone who has NoScript installed, but the majority of automated scripts won't be able to handle it.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜