Hmm. Spamming registers.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Hmm. Spamming registers.

Post by Mightywayne »

Hi again. On my website, I don't want people to be spamming my tons of times, because registering with me is very simple and only takes a little while.

Now normally I could just limit this by username, but of course there's no username to be had. So I was wondering how I'd go about doing this by, I guess IP? The way I think it would work would be to make a cookie with their IP, but I don't know how to get their IP. And also, I don't see where I would place the fact, in that cookie, that they had already signed up that day.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

Search for "captcha" in this forum and in google for your spamming problem.

For your other quesrtion, $_SERVER['REMOTE_ADDR'] may (*) contain the IP of the connected user.
(*) unless he has a (good) proxy, in which case it becomes increasingly harder (up to impossible ;) !) to obtain his IP.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

There's all sorts of ways and methods to try and stop people spamming a form. Most don't work.

Cookies: People can clear them or switch them off. Bots just ignore them. Pointless.
Sessions: People can switch them off, bots can ignore them.
Form field randomisation: Changing the names of a forms fields randomly, and using unguessable field names can slow spammers down, but it's a fair amount of work.
Limiting to a unique email address and sending an 'activation' email: Worth doing because it stops complete amateurs, but it's still possible for a spam bot to get around if they're determined.
Limiting to one sign up from an IP address per hour/day: It'll limit spammers, but at the same time it'll stop people all in the same office/computer lab/building signing up if someone finds your page and says "hey, this is cool!" to their mates. Annoying.
Captcha images: Not a bad solution but it's not really very accessible and the most sophisticated spammers will employ people to enter codes all day.
Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Post by Mightywayne »

Limiting to a unique email address and sending an 'activation' email:

I already do that, but it's good to know it stops amateurs. xD

And actually guys, you reminded me when you said "captcha". I forgot I made one up in psuedo-code last year. It's actually not the "real" way to do it, but if you're interested, I'll PM you. It requires some manual work, but it's not too bad.

Thanks, folks. I'll use this topic as a reference most definitely.
Post Reply