Posted by Rik on 12/13/06 19:03
J.O. Aho wrote:
> Kentor wrote:
>> Hello, how could I limit the number of times a user uses my "tell a
>> friend" form each minute? Or if anybody has a nice looking
>> tell-a-friend script which prevents spam already coded, that would
>> save up a little time. Thanks
>>
>
> Take a look at the "mail forms being abused" thread that's in this
> newsgroup, you should be able to find it with Google Groups.
A 'tell-a-friend' form is a different beast altogether.
ASIDE from the header-injection prevention, you're sending mail to an
unknown, user-defined address, not a semi-hardcoded email address (i.e. the
site-owner). Nothing prevents me from writing a bot which will hit your
form hundreds of times using different IPs, cookies, etc. They might all
be valid visitors, or not. No real way to tell.
It's slow to spam like that compared to injection for sure, but nonetheless
very possible.
--
Rik Wasmus
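
An added example, not part of the original post: a sliding-window limiter run over constructed bot traffic, showing that a per-IP limit does not bound the rotating-IP bot described above, while limits keyed on the recipient address and on the site as a whole do. The class, function names and limit values (3 per IP per minute, 2 per recipient per hour, 20 site-wide per minute) are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class SlidingWindow:
    """At most `limit` events per `window` seconds for each key."""
    def __init__(self, limit, window=60.0):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def has_room(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:   # drop expired events
            q.popleft()
        return len(q) < self.limit

    def record(self, key, now):
        self.hits[key].append(now)

def mails_sent(requests, limits):
    """requests: (timestamp, ip, recipient) tuples; limits: (limiter, key_fn) pairs.
    A mail goes out only if every limiter has room; only then is it recorded."""
    sent = 0
    for req in requests:
        keyed = [(lim, key_fn(req)) for lim, key_fn in limits]
        if all(lim.has_room(k, req[0]) for lim, k in keyed):
            for lim, k in keyed:
                lim.record(k, req[0])
            sent += 1
    return sent

def per_ip_only():
    return [(SlidingWindow(3), lambda r: r[1])]

def recipient_and_site():
    return [(SlidingWindow(2, 3600.0), lambda r: r[2]),   # per recipient, per hour
            (SlidingWindow(20), lambda r: "site")]        # all senders, per minute

def bot_traffic(n=300, rotate_recipients=False):
    """Constructed sample: n requests in under a minute, a new source IP each time."""
    return [(i * 0.2,
             f"10.0.{i // 250}.{i % 250 + 1}",
             f"user{i}@example.com" if rotate_recipients else "friend@example.com")
            for i in range(n)]

if __name__ == "__main__":
    print("per-IP limit only:        ", mails_sent(bot_traffic(), per_ip_only()))
    print("recipient + site limits:  ", mails_sent(bot_traffic(), recipient_and_site()))
    print("same, rotating recipients:",
          mails_sent(bot_traffic(rotate_recipients=True), recipient_and_site()))
```

The site-wide cap also rejects genuine visitors while a flood is in progress, since the limiter cannot tell them apart from the bot.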