PDA

View Full Version : Preventing email form abuse

LunarOrbit
07-03-03, 09:39 PM
Hi, everyone.

I'm trying to find a way to prevent people from abusing my email form, especially preventing them from flooding my inbox by clicking the send button 5000 times.

Is there a way to add a "1 email per minute" restriction to a formmail script so that the delay might discourage them from flooding my inbox? I know some message board programs have some form of flood control built into them.

I was thinking of using a cookie on the user's computer to record the time they last sent me an email, but if they have cookies disabled in their browser that won't work.

I also tried disabling the back button so that they couldn't return to the email form after they sent one, but I couldn't get that to work.

Does anyone have a fool-proof way to prevent the kind of email attack I'm worried about?

I'm using the NMS FormMail clone (http://nms-cgi.sourceforge.net/).

Thanks.
Man Down
07-04-03, 12:57 AM
Hi,

I'm a begginer when it comes to perl but I could explain the logic on how you could do this so you could write your own code. Send me a PM and I'll help you out.

Regards,
LunarOrbit
07-04-03, 09:29 AM
I'm lower than a beginner when it comes to writing scripts so I don't think I could do it myself. :)
rob2132
10-04-03, 10:55 PM
Hi, everyone.

I'm trying to find a way to prevent people from abusing my email form, especially preventing them from flooding my inbox by clicking the send button 5000 times.

Is there a way to add a "1 email per minute" restriction to a formmail script so that the delay might discourage them from flooding my inbox? I know some message board programs have some form of flood control built into them.

I was thinking of using a cookie on the user's computer to record the time they last sent me an email, but if they have cookies disabled in their browser that won't work.

I also tried disabling the back button so that they couldn't return to the email form after they sent one, but I couldn't get that to work.

Does anyone have a fool-proof way to prevent the kind of email attack I'm worried about?

I'm using the NMS FormMail clone (http://nms-cgi.sourceforge.net/).

Thanks.

Don't rely on cookies for any type of security, checking or control in regards to your script. As for limiting, it would be best to do this perl IP and limit one IP to only use the formmail script once per minute, and only say 15 tiems a day, if even that much. Yo ucan add an auto-block feature if they hit it too much, too often--or especially if they try and pass variables to it thinking they can exploit it to spam through (like the Matt Wright scripts allow).