Stopping people from mail()ing 20 billion times

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Chalks
Forum Contributor
Posts: 447
Joined: Thu Jul 12, 2007 7:55 am
Location: Indiana

Stopping people from mail()ing 20 billion times

Post by Chalks »

The title pretty much sums up my question...

How can I stop people from using my "contact me" form 20 billion times in a row?


I thought about using a session and saying

Code: Select all

if($_SESSION['mailsSent']<=5)
{
// allow them to send another email
$_SESSION['mailsSent']++;
}
else
{
// tell them to stop spamming me
}
however, doesn't a session stay in the user's cookies for awhile? What if they have a different issue two hours later? So, I'd like this: check if a certain ip has sent more than 5 in 2 hours. If yes, stop them from sending more until two hours later. Is there any way to do that? Like, set a session['expireInTwoHours'] tag or something?
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

http://www.php.net/manual/en/ref.sessio ... axlifetime . That's the setting. It can be altered using http://us2.php.net/ini_set . Hope that helps you out. :)
User avatar
Chalks
Forum Contributor
Posts: 447
Joined: Thu Jul 12, 2007 7:55 am
Location: Indiana

Post by Chalks »

oh sweet, that's exactly what I was looking for.

Thank you! :D
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

Don't rely on sessions to stop spammers. If the user clears their cookie (by restarting their browser, clear cookies, or dropping the variable if it's a spambot) they'll get a new session. You need to limit the number of mails sent per IP address if spam is a problem.
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

: agrees with onion : Unless of course you're spammer's coming from AOL and his IP address is changing every request... Oh well. All you can do is your best. :)
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

It may be a good idea to batch emails sent by the form together into one, daily email.
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

captcha
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

captcha is really your only option. Pretty much anything else I could get around if I wanted to.
Post Reply