Posted by M on 03/01/06 22:41
OK, I've been hit by the email spammers, and now validate every field,
chop out all the nasty commands and die if anything is suspicious.
I now want to implement a 'send this idea to someone' type page where a
user can put in their own email id, a friend's email id and send a short
message.
Obviously I can trap all the usual nasties and die if I detect one, but
there won't be anything to stop a script calling the page and specifying
one email address at a time, and doing this hundreds of times.
So, what options are available to detect a genuine person v script?
1. type what you see in the image - I really don't like these
2. limit number of calls per IP address in X minutes
3. is there any way to only present / allow the form on the result of a
mouse click (i.e. cannot call the form directly), and can scripts
simulate a mouse click
Grateful if people could suggest potential options, would something like
3 above work at all?
Cheers,
M.
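
An added example, not part of the original post: one way to combine options 2 and 3 from the list above, a per-IP sliding-window limit plus a signed, time-stamped hidden form token that the handler checks before sending. Python is an assumption (the post names no language), as are all function names, the secret and the thresholds.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

SECRET = b"constructed-demo-key"   # assumption: per-site secret, kept server-side
MAX_CALLS = 3                      # assumption: accepted sends per IP per window
WINDOW = 600                       # assumption: "X minutes" = 10 minutes, in seconds
MIN_FILL, MAX_AGE = 3, 1800        # assumption: token valid 3 s to 30 min after issue

_calls = defaultdict(deque)        # ip -> timestamps of accepted sends


def _mac(ip, ts):
    return hmac.new(SECRET, f"{ip}|{ts}".encode(), hashlib.sha256).hexdigest()


def issue_token(ip, now):
    """Put in a hidden field when the form page is served (option 3)."""
    ts = str(int(now))
    return f"{ts}:{_mac(ip, ts)}"


def token_ok(token, ip, now):
    """True only if this server issued the token to this IP, recently."""
    ts, _, mac = token.partition(":")
    if not (ts.isascii() and ts.isdigit()):
        return False
    genuine = hmac.compare_digest(mac.encode(), _mac(ip, ts).encode())
    return genuine and MIN_FILL <= now - int(ts) <= MAX_AGE


def rate_ok(ip, now):
    """Sliding window: at most MAX_CALLS accepted sends per IP (option 2)."""
    q = _calls[ip]
    while q and now - q[0] >= WINDOW:
        q.popleft()                # forget sends older than the window
    if len(q) >= MAX_CALLS:
        return False
    q.append(now)
    return True


def accept_send(token, ip, now=None):
    """Gate for the form handler; returns (allowed, reason)."""
    now = time.time() if now is None else now
    if not token_ok(token, ip, now):
        return False, "bad or stale form token"
    if not rate_ok(ip, now):
        return False, "rate limit exceeded"
    return True, "ok"
```

The token only proves the form page was loaded from this server shortly before the submit; a script that fetches the page first still passes it, so the per-IP counter is what caps the volume.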