being attacked

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I have a newsletter signup form on my front page - you insert your
e-mail hit submit and through php it sends it to me and the client in
an e-mail.  The problem is - someone is sitting at home going
So I put a javascript making the person at least fake an e-mail address
or it would not go to the next page.  The problem is I think the person
has the second page in favourites and every now and then goes there and
hits refresh-refresh-refresh-refresh.
I'm getting about 10 a day - How can I stop it?  Help

Re: being attacked

bokke wrote:
Quoted text here. Click to load it

DO you do any validation on the input in your script before you send
the email? If you don't you should add it.


Re: being attacked

I have a javascript runnong to check for input - but not the php script
to first validate before sending!  Just What I Need!


Re: being attacked

bokke wrote:
Quoted text here. Click to load it
Use the function sleep() to halt the script for a second or 2.

This way, automated scripts are slowed down.

Re: being attacked

Quoted text here. Click to load it

Your site is probably being used as a weapon in a spamming or
mail-bombing attack.

Quoted text here. Click to load it

Javascript is useless against clients that don't run it.  If you
need to do validation, you need to do it ON THE SERVER.  Doing it
in Javascript also makes for a nicer interface for users making
honest mistakes, but you need to do the check on the server to avoid
having your site hacked or database filled with junk.

Quoted text here. Click to load it

You shouldn't send any email to an email address entered by the
user if you have sent email to that address recently (which might
mean 1 day or 1 week).  This would make the spammer/bomber come up
with *different* email addresses each time.  That probably only
annoys bombers with a specific target in mind, but it might keep
your site out of blacklists.  The down side is you need to keep
track of to whom and when you sent email (probably in a database).

Oh, yes, you might look at your web server logs, figure out this
guy's IP address ($_SERVER['REMOTE_ADDR']), or the IP block he
usually connects from, and refuse to send any mail.

                    Gordon L. Burditt

Re: being attacked

bokke wrote:

Quoted text here. Click to load it


I would get his IP-address, and block that specific IP-address.
It is stored in $_SERVER['REMOTE_ADDR'].
Just hardcode into your mailingscript to block that num.
Also, send him back an endless loop with HTML-bull to keep his spammingline  
That guy is maybe trying to use your email-script as a gateway to send his  
missirable spam into the world.
I do hate spammers so much...

Good luck

Erwin Moller

Re: being attacked


on 09/07/2005 12:54 PM bokke said the following:
Quoted text here. Click to load it

I think those are nervous users that double click on the button by  
accident or because they can wait and click again to make sure the site  
gets the submitted form.

You may want to try this forms generation class that prevents submit  
button double-clicking:


Manuel Lemos

PHP Classes - Free ready to use OOP components written in PHP

PHP Reviews - Reviews of PHP books and other products

Metastorage - Data object relational mapping layer generator

Site Timeline