
Stopping people from mail()ing 20 billion times

Posted: Sun Jul 29, 2007 10:50 am
by Chalks
The title pretty much sums up my question...

How can I stop people from using my "contact me" form 20 billion times in a row?


I thought about using a session and saying

Code:

session_start(); // $_SESSION is only populated after the session is started
if (!isset($_SESSION['mailsSent']))
{
    $_SESSION['mailsSent'] = 0; // first visit: nothing sent yet
}
if ($_SESSION['mailsSent'] <= 5)
{
    // allow them to send another email
    $_SESSION['mailsSent']++;
}
else
{
    // tell them to stop spamming me
}

However, doesn't a session stay in the user's cookies for a while? What if they have a different issue two hours later? So, I'd like this: check if a certain IP has sent more than 5 in 2 hours. If yes, stop them from sending more until two hours later. Is there any way to do that? Like, set a session['expireInTwoHours'] tag or something?

Posted: Sun Jul 29, 2007 10:57 am
by Charles256
http://www.php.net/manual/en/ref.sessio ... axlifetime . That's the setting. It can be altered using http://us2.php.net/ini_set . Hope that helps you out. :)

Posted: Sun Jul 29, 2007 11:09 am
by Chalks
Oh sweet, that's exactly what I was looking for.

Thank you! :D

Posted: Sun Jul 29, 2007 2:47 pm
by onion2k
Don't rely on sessions to stop spammers. If the user clears their cookie (by restarting their browser, clearing cookies, or dropping the variable if it's a spambot) they'll get a new session. You need to limit the number of mails sent per IP address if spam is a problem.
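
The per-IP limit suggested above, using the "5 in 2 hours" rule from the first post, as an added example that is not part of the thread. allowMail() and its one-file-per-address store are hypothetical, and the timestamps and IP address are constructed.

```php
<?php
// Added example: sliding-window limit of $limit sends per IP within $window seconds.
// allowMail() and the storage layout are hypothetical, not from the thread.
function allowMail(string $ip, string $dir, int $limit = 5, int $window = 7200, ?int $now = null): bool
{
    $now = $now ?? time();
    // Hash the address so it is safe as a file name (IPv6 contains ':').
    $path = $dir . '/' . hash('sha256', $ip) . '.json';
    $fh = fopen($path, 'c+');           // create if missing, do not truncate
    if ($fh === false) {
        return false;                   // fail closed if the store is unavailable
    }
    flock($fh, LOCK_EX);                // serialize concurrent requests from one IP
    $stamps = json_decode(stream_get_contents($fh) ?: '[]', true);
    if (!is_array($stamps)) {
        $stamps = [];                   // corrupt file: start over
    }
    // Drop sends that have aged out of the window.
    $stamps = array_values(array_filter($stamps, fn($t) => is_int($t) && $t > $now - $window));
    $allowed = count($stamps) < $limit;
    if ($allowed) {
        $stamps[] = $now;               // record this send
    }
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($stamps));
    flock($fh, LOCK_UN);
    fclose($fh);
    return $allowed;
}

// Constructed demonstration with a fake clock and a documentation IP address.
$dir = sys_get_temp_dir() . '/mail_limit_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$t0 = 1185706200; // constructed timestamp
for ($i = 1; $i <= 7; $i++) {
    $ok = allowMail('203.0.113.7', $dir, 5, 7200, $t0 + $i);
    printf("send %d: %s\n", $i, $ok ? 'ok' : 'blocked');
}
// Ask again once the two-hour window has passed.
printf("later: %s\n", allowMail('203.0.113.7', $dir, 5, 7200, $t0 + 7300) ? 'ok' : 'blocked');
```

In the form handler, pass $_SERVER['REMOTE_ADDR'] and call mail() only when the function returns true. Headers such as X-Forwarded-For are set by the client and should only be used when they come from a proxy you control.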

Posted: Sun Jul 29, 2007 2:56 pm
by Charles256
: agrees with onion : Unless of course your spammer's coming from AOL and his IP address is changing every request... Oh well. All you can do is your best. :)

Posted: Sun Jul 29, 2007 3:12 pm
by Ambush Commander
It may be a good idea to batch emails sent by the form together into one, daily email.

Posted: Sun Jul 29, 2007 3:39 pm
by alex.barylski
captcha

Posted: Sun Jul 29, 2007 4:05 pm
by Benjamin
Captcha is really your only option. Pretty much anything else I could get around if I wanted to.