Posted by J.O. Aho on 12/13/06 19:36
Rik wrote:
> J.O. Aho wrote:
>> Kentor wrote:
>>> Hello, how could I limit the number of times a user uses my "tell a
>>> friend" form each minute? Or if anybody has a nice looking
>>> tell-a-friend script which prevents spam already coded, that would
>>> save up a little time. Thanks
>>>
>> Take a look at the "mail forms being abused" thread that's in this
>> newsgroup, you should be able to find it with google groups.
>
> A 'tell-a-friend' form is a different beast altogether.
> ASIDE from the header-injection prevention, you're sending mail to an
> unknown, user-defined, address, not a semi-hardcoded email address (i.e. the
> site-owner). Nothing prevents me from writing a bot which will hit your
> form hundreds of times using different IPs, cookies, etc. They might all
> be valid visitors, or not. No real way to tell.

No, of course you can write a bot, and that's what is used, but even spammers
like to send to as many users as possible at one try, which you should prevent.
You can throw in a short-lived session; if the session isn't there, then don't
mail. This would cause more work for the spammers to be able to spam.
Another thing is to queue the mail and use a cron script that runs the mail
through spamassassin before sending it; if caught as spam, don't mail.
--
//Aho
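
The checks discussed in this thread (a short-lived session, one recipient per request, a per-minute limit, header-injection rejection), as an added example that is not code from any poster here. The function names, the in-memory store, the secret and the limits are all assumptions; an accepted request is meant to go to a mail queue, not straight to the mailer.

```python
import hashlib
import hmac
import re
import time
from collections import defaultdict, deque

SECRET = b"replace-with-random-server-secret"  # assumption: per-site secret key
TOKEN_TTL = 600      # seconds a form token stays valid (assumed value)
MAX_PER_MINUTE = 3   # accepted sends per session per minute (assumed value)
ADDRESS = re.compile(r"[^@\s,;<>]+@[^@\s,;<>]+\.[^@\s,;<>]+")
_sent = defaultdict(deque)  # session id -> timestamps of accepted sends


def _mac(session_id, ts):
    return hmac.new(SECRET, f"{session_id}:{ts}".encode(), hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Call when the form page is rendered; embed the result as a hidden field."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}:{_mac(session_id, ts)}"


def token_valid(session_id, token, now):
    ts, _, mac = (token or "").partition(":")
    if not (ts.isascii() and ts.isdigit()):
        return False
    fresh = 0 <= now - int(ts) <= TOKEN_TTL
    return fresh and hmac.compare_digest(mac.encode(), _mac(session_id, ts).encode())


def check_submission(session_id, token, recipient, now=None):
    """Return (accepted, reason) for one tell-a-friend request."""
    now = time.time() if now is None else now
    if not token_valid(session_id, token, now):
        return False, "no valid short-lived session"
    # fullmatch rejects CR/LF (header injection) and comma/semicolon lists,
    # so one request can reach exactly one address.
    if not ADDRESS.fullmatch(recipient):
        return False, "recipient must be a single plain address"
    window = _sent[session_id]
    while window and now - window[0] >= 60:
        window.popleft()  # forget sends older than one minute
    if len(window) >= MAX_PER_MINUTE:
        return False, "rate limit reached"
    window.append(now)
    return True, "queued"
```
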