Hi again. On my website, I don't want people to be spamming my tons of times, because registering with me is very simple and only takes a little while.
Now normally I could just limit this by username, but of course there's no username to be had. So I was wondering how I'd go about doing this by, I guess IP? The way I think it would work would be to make a cookie with their IP, but I don't know how to get their IP. And also, I don't see where I would place the fact, in that cookie, that they had already signed up that day.
Hmm. Spamming registers.
Moderator: General Moderators
-
Mightywayne
- Forum Contributor
- Posts: 237
- Joined: Sat Dec 09, 2006 6:46 am
There's all sorts of ways and methods to try and stop people spamming a form. Most don't work.
Cookies: People can clear them or switch them off. Bots just ignore them. Pointless.
Sessions: People can switch them off, bots can ignore them.
Form field randomisation: Changing the names of a forms fields randomly, and using unguessable field names can slow spammers down, but it's a fair amount of work.
Limiting to a unique email address and sending an 'activation' email: Worth doing because it stops complete amateurs, but it's still possible for a spam bot to get around if they're determined.
Limiting to one sign up from an IP address per hour/day: It'll limit spammers, but at the same time it'll stop people all in the same office/computer lab/building signing up if someone finds your page and says "hey, this is cool!" to their mates. Annoying.
Captcha images: Not a bad solution but it's not really very accessible and the most sophisticated spammers will employ people to enter codes all day.
Cookies: People can clear them or switch them off. Bots just ignore them. Pointless.
Sessions: People can switch them off, bots can ignore them.
Form field randomisation: Changing the names of a forms fields randomly, and using unguessable field names can slow spammers down, but it's a fair amount of work.
Limiting to a unique email address and sending an 'activation' email: Worth doing because it stops complete amateurs, but it's still possible for a spam bot to get around if they're determined.
Limiting to one sign up from an IP address per hour/day: It'll limit spammers, but at the same time it'll stop people all in the same office/computer lab/building signing up if someone finds your page and says "hey, this is cool!" to their mates. Annoying.
Captcha images: Not a bad solution but it's not really very accessible and the most sophisticated spammers will employ people to enter codes all day.
-
Mightywayne
- Forum Contributor
- Posts: 237
- Joined: Sat Dec 09, 2006 6:46 am
Limiting to a unique email address and sending an 'activation' email:
I already do that, but it's good to know it stops amateurs. xD
And actually guys, you reminded me when you said "captcha". I forgot I made one up in psuedo-code last year. It's actually not the "real" way to do it, but if you're interested, I'll PM you. It requires some manual work, but it's not too bad.
Thanks, folks. I'll use this topic as a reference most definitely.
I already do that, but it's good to know it stops amateurs. xD
And actually guys, you reminded me when you said "captcha". I forgot I made one up in psuedo-code last year. It's actually not the "real" way to do it, but if you're interested, I'll PM you. It requires some manual work, but it's not too bad.
Thanks, folks. I'll use this topic as a reference most definitely.