Amit Kumar

Reputation: 53

How to prevent websites from unwanted system-generated HTTP calls

I have a dynamic PHP page which updates the user's chosen poll option in the DB. Sometimes my Apache server gets overloaded by calls to this page only (meaning someone is using a script to call it in a loop). Can you please help me prevent this?

I have planned to do this:

  1. I will keep the number of requests as a counter for every request in memcache (key: md5(user IP), value: counter)
  2. If the counter exceeds 10 in 10 sec, I will block that user.

But keeping the IP as the key is not working, because many organizations use a single internet IP for all their employees' systems.

Upvotes: 3

Views: 111

Answers (2)

Hugo Delsing

Reputation: 14173

As with most polls you need a way to make sure a user can only vote once. There are a few ways to make sure only a single vote is cast.

  • Require registered users (safest and most secure)
  • One vote per IP (problem with multiple users on the same IP)
  • One vote per xx min per IP (better to prevent overload, but not false votes)
  • Captcha code to prevent automatic submit (I like this one, http://www.webappers.com/2011/03/03/a-draggable-jquery-captcha-system-with-jquery-ui/ )
  • Hidden code in the poll which can be used only once. Every time you generate a poll, generate a code to be used once. No code, wrong code or used code is no vote. Kind of like a hidden captcha. More user-friendly but less secure.

It all depends on what you want to prevent. If it's just overloading, but people can vote more than once, then you have a lot more options. If you only want to allow a single vote per user, only a register system is secure. Although of course somebody could create more than one account.

Upvotes: 0

Aaron Hathaway

Reputation: 4315

While I usually hate Captchas... you could try to implement one on your site. You could even make the Captcha only show up after X number of votes from the same IP so that the general public won't even see it.

Upvotes: 0
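An added PHP example (not code from either answer) that combines the single-use hidden code from the first answer with the show-a-captcha-after-X-requests idea from the second. `ArrayStore` and all function names are hypothetical; the store mirrors the `add`/`increment`/`delete` methods of PHP's Memcached class so that a connected Memcached instance can be passed in its place.

```php
<?php
// Added example. ArrayStore is a constructed in-memory stand-in that mirrors the
// add/increment/delete methods of PHP's Memcached class (expiry is ignored here).
class ArrayStore {
    private array $d = [];
    public function add(string $k, $v, int $ttl = 0): bool {
        if (array_key_exists($k, $this->d)) return false;
        $this->d[$k] = $v; return true;
    }
    public function increment(string $k, int $by = 1) {
        if (!array_key_exists($k, $this->d)) return false;
        return $this->d[$k] += $by;
    }
    public function delete(string $k): bool {
        $had = array_key_exists($k, $this->d);
        unset($this->d[$k]); return $had;
    }
}

// Issue a random single-use code to embed as a hidden field in the poll form.
function issueVoteToken($store, int $ttl = 600): string {
    $token = bin2hex(random_bytes(16));
    $store->add("polltoken:$token", 1, $ttl);
    return $token;
}

// Accept a vote only if the code exists and has not been used. delete() succeeds
// for exactly one caller, so a replayed, forged or missing code is rejected.
function consumeVoteToken($store, ?string $token): bool {
    if (!is_string($token) || !preg_match('/^[0-9a-f]{32}$/', $token)) return false;
    return $store->delete("polltoken:$token");
}

// Fixed-window counter per client key: more than $limit hits inside $window seconds
// means "show the captcha" rather than "block", which is kinder to shared office IPs.
function needsCaptcha($store, string $clientKey, int $limit = 10, int $window = 10): bool {
    $k = 'pollhits:' . hash('sha256', $clientKey);
    $store->add($k, 0, $window);            // opens a new window if none is running
    return $store->increment($k) > $limit;
}

$store = new ArrayStore();                  // swap for a connected Memcached instance
$t = issueVoteToken($store);
var_dump(consumeVoteToken($store, $t));     // first use of the code
var_dump(consumeVoteToken($store, $t));     // replay of the same code
for ($i = 1; $i <= 11; $i++) $over = needsCaptcha($store, '203.0.113.7'); // constructed IP
var_dump($over);                            // state after the 11th hit in one window
```

The token check runs before any database write, so scripted requests that skip the form never reach the update query; the counter only decides when a shared address has to solve a captcha.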
