Reputation: 4299
PHP: avoid Flood/Spam system by session?
can I use Session avoid Flood/Spam ? ( spam in form ). I only need avoid use can repeat action as 3,4 action /s .
Upvotes: 1
Views: 1284
Answers (2)
Reputation: 6866
You could track an IP+UserAgent on the server over a short duration, but you couldn't depend on tracking a cookie (as a user agent like cURL could just disregard saving it) unless a valid cookie matching a session was required to interact with your site.
If the IPs or UserAgents spamming your site/app were constantly changing then there's no sense in even storing them on the server to simulate a cookie. You'd want to create a CAPTCHA to gate whatever is being spammed.
We'd need more information to be any less general. ;)
Upvotes: 0
Reputation: 157892
No, you can't use session mechanism to avoid flood.
Because you can't force a client to keep a session.
You can use session to support CAPTCHA test though.
Upvotes: 2
Related Questions
- Anti-flood DDoS in PHP
- Effective way to protect session hijacking in php
- Prevent PHP sesison hijack, are these good ideas?
- PHP - Methodology to prevent spam flooding and also excessive bandwidth
- How to get around server flooding by users opening countless tabs?
- Anti-flood in forumsoftware
- PHP sessions; How should I solve this big security problem?
- Session hijacking from another angle
- PHP: Anti-Flood/Spam system