|
Posted by Gordon Burditt on 09/07/05 21:47
>I have a newsletter signup form on my front page - you insert your
>e-mail hit submit and through php it sends it to me and the client in
>an e-mail. The problem is - someone is sitting at home going
>click-return-click-return-click-return-click.
Your site is probably being used as a weapon in a spamming or
mail-bombing attack.
>So I put a javascript making the person at least fake an e-mail address
>or it would not go to the next page.
Javascript is useless against clients that don't run it. If you
need to do validation, you need to do it ON THE SERVER. Doing it
in Javascript also makes for a nicer interface for users making
honest mistakes, but you need to do the check on the server to avoid
having your site hacked or database filled with junk.
>The problem is I think the person
>has the second page in favourites and every now and then goes there and
>hits refresh-refresh-refresh-refresh.
>I'm getting about 10 a day - How can I stop it? Help
You shouldn't send any email to an email address entered by the
user if you have sent email to that address recently (which might
mean 1 day or 1 week). This would make the spammer/bomber come up
with *different* email addresses each time. That probably only
annoys bombers with a specific target in mind, but it might keep
your site out of blacklists. The down side is you need to keep
track of to whom and when you sent email (probably in a database).
Oh, yes, you might look at your web server logs, figure out this
guy's IP address ($_SERVER['REMOTE_ADDR']), or the IP block he
usually connects from, and refuse to send any mail.
Gordon L. Burditt
[Back to original message]
|