Page 2 of 2

Re: how do you prevent spamming votes and page views

Posted: Mon Mar 15, 2010 7:10 pm
by flying_circus
You need to determine what is acceptable in terms of how many times a user may make a page request within an allotted time. Also, are page views restricted only to authenticated users?

If only authenticated users are allowed to view your site, then you can create a traffic table in your database. Insert a new row on each page request and store the user's Id and timestamp (along with any other traffic you want to analyze). On each page request, retrieve the records from the database and count how many page requests have been made. If they've exceeded their allotted views, throttle them.

Code: Select all

<?php
/* psuedo-code */
  # Vars
    $traffic_window = 60;  // 60 seconds
    $traffic_max_requests_per_window = 10;  // Allow the user 10 requests per minute.
 
  # On page Request - Fetch Traffic
    $traffic = "SELECT `timestamp` FROM `traffic` WHERE `user_id`='1' AND `timestamp`>'" . (time() - $traffic_window) . "';";
 
  # Check Activity
    if(num_rows($traffic) > $traffic_max_requests_per_window) {
      // Throttle User.  Redirect them to error page or something.
    } else {
    # Acceptable traffic pattern.  Increment activity.
      "INSERT INTO `traffic` (`user_id`, `timestamp`) VALUES ('1', '" . time() . "')";
    
    # Garbage Collection
      "DELETE FROM `traffic` WHERE `timestamp`<'" . (time() - $traffic_window) . "';";
    }
?>
If anonymous users are allowed to view your site, bind your traffic table based on IP, rather than user id.

Re: how do you prevent spamming votes and page views

Posted: Mon Mar 15, 2010 7:25 pm
by scarface222
Thanks for your help man, I will look into implementing these things and let you know how it goes. I believe that is a really good idea for controlling people who try to kill your bandwidth, but in terms of just page views, I am still going to look into trying to implement some sort of session scheme since it is more precise into limiting views and will not interrupt user experience. It is a good idea to implement your suggestion though for abusive users who try to kill bandwidth through mass requests. I am gonna study the phpbb code for a while. Thanks again for all your suggestions, really appreciate it.

Re: how do you prevent spamming votes and page views

Posted: Tue Mar 16, 2010 11:40 am
by scarface222
ok this is the last thing I am posting in this topic, for the page view problem, I just set a session variable on the page, so if the user tries to keep refreshing it will not work. It seems to work decently. If anyone knows a better way or modification please let me know. Thanks again everyone, especially circus on this one.

Code: Select all

if ($_SESSION['views']!==$topic_id){
mysql_query ("update counter set views='$views' where topic_id='$topic_id'");
}
$_SESSION['views']=$topic_id;